From nobody Mon May 6 05:56:32 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) client-ip=66.175.222.108; envelope-from=bounce+27952+84895+1787277+3901457@groups.io; helo=mail02.groups.io; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+84895+1787277+3901457@groups.io; dmarc=fail(p=none dis=none) header.from=redhat.com ARC-Seal: i=1; a=rsa-sha256; t=1639568383; cv=none; d=zohomail.com; s=zohoarc; b=Ie81T3oFWB9qNV1+5kGFYj580BIPaEN/j+v8jk7dzhlQtU++H5pannHU5XgMLaxmHjFE41hZCJWJVEX8DbtcACa47o8Wz8rsZqmjKKmUSRyKuUF/xaUh5v9zcl481alLICNESJn58Gs2QUd/btGsFxZdicCBR46v9E9nLXw7oNs= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1639568383; h=Content-Type:Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Subscribe:List-Id:List-Help:List-Unsubscribe:MIME-Version:Message-ID:Reply-To:References:Sender:Subject:To; bh=nmL1/6DNPMHnpHtu6REtuVbOBEDjG94GqHzj5rSabDM=; b=PdJWZr/syuhIZ3ssxIPejR5bYDSTCvUBnJ5E1G1XA/kwilDZBHfdKJBmvQKw/qL79bWJ3iabPSFVGI8V9YqtgUpc76vpi4EuN8jEhj4ylTedlQYnqyNTEJoJ/V6c/97ERu3DYukblTHA+qGJJPpMGEoP45fSMUHAgoj+Qzz/s7s= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+84895+1787277+3901457@groups.io; dmarc=fail header.from= (p=none dis=none) Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by mx.zohomail.com with SMTPS id 1639568383602143.79463491071738; Wed, 15 Dec 2021 03:39:43 -0800 (PST) Return-Path: X-Received: by 127.0.0.2 with SMTP id LSklYY1788612xrMLA4RKhA6; Wed, 15 Dec 2021 03:39:43 -0800 X-Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.133.124]) by mx.groups.io with SMTP id smtpd.web12.39469.1639568382362433796 for ; Wed, 15 Dec 2021 03:39:42 -0800 X-Received: from mimecast-mx01.redhat.com (mimecast-mx01.redhat.com [209.132.183.4]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id us-mta-112-pca5zKOJPUmv7DXgITLkgw-1; Wed, 15 Dec 2021 06:39:38 -0500 X-MC-Unique: pca5zKOJPUmv7DXgITLkgw-1 X-Received: from smtp.corp.redhat.com (int-mx04.intmail.prod.int.phx2.redhat.com [10.5.11.14]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx01.redhat.com (Postfix) with ESMTPS id 0632B1006AA1; Wed, 15 Dec 2021 11:39:37 +0000 (UTC) X-Received: from sirius.home.kraxel.org (unknown [10.39.192.14]) by smtp.corp.redhat.com (Postfix) with ESMTPS id BB6D5798D5; Wed, 15 Dec 2021 11:39:21 +0000 (UTC) X-Received: by sirius.home.kraxel.org (Postfix, from userid 1000) id 09A7B1800614; Wed, 15 Dec 2021 12:39:20 +0100 (CET) From: "Gerd Hoffmann" To: devel@edk2.groups.io Cc: Tom Lendacky , James Bottomley , Jiewen Yao , Jordan Justen , Min Xu , Stefan Berger , =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= , Pawel Polawski , =?UTF-8?q?Marc-Andr=C3=A9=20Lureau?= , Brijesh Singh , Gerd Hoffmann , Erdem Aktas , Ard Biesheuvel Subject: [edk2-devel] [PATCH v4 1/5] OvmfPkg: remove unused TPM options from MicrovmX64.dsc Date: Wed, 15 Dec 2021 12:39:16 +0100 Message-Id: <20211215113920.1015403-2-kraxel@redhat.com> In-Reply-To: <20211215113920.1015403-1-kraxel@redhat.com> References: <20211215113920.1015403-1-kraxel@redhat.com> MIME-Version: 1.0 X-Scanned-By: MIMEDefang 2.79 on 10.5.11.14 X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com Precedence: Bulk List-Unsubscribe: List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,kraxel@redhat.com X-Gm-Message-State: hA9BJwwfJpbfnRvsPhksNmwzx1787277AA= Content-Transfer-Encoding: quoted-printable DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io; q=dns/txt; s=20140610; t=1639568383; bh=RTS8PH3yE8rysUapIDNrJnasQH5+PEV+45WXzlx8k/E=; h=Cc:Content-Type:Date:From:Reply-To:Subject:To; b=L5rR2ehIuLrY45llbhBqnMC58H/+jYlThdv+A+XcteE1j8OV9qvtlXCmT0/Q7/bI+Fz oCL/EUgRZj9s/hSMNwa9izgX1HdUYLFBSBS16c/VeMJXK6Dk8MVQK3SCoWpyTjYBFDADY 8yDLzgHqh5RyQGlSvGJWWZgIzFtmAH7nD1M= X-ZohoMail-DKIM: pass (identity @groups.io) X-ZM-MESSAGEID: 1639568384487100004 Content-Type: text/plain; charset="utf-8" Signed-off-by: Gerd Hoffmann Acked-by: Jiewen Yao --- OvmfPkg/Microvm/MicrovmX64.dsc | 2 -- 1 file changed, 2 deletions(-) diff --git a/OvmfPkg/Microvm/MicrovmX64.dsc b/OvmfPkg/Microvm/MicrovmX64.dsc index bb256fd3c640..1c2e600febee 100644 --- a/OvmfPkg/Microvm/MicrovmX64.dsc +++ b/OvmfPkg/Microvm/MicrovmX64.dsc @@ -32,8 +32,6 @@ [Defines] DEFINE SECURE_BOOT_ENABLE =3D FALSE DEFINE SMM_REQUIRE =3D FALSE DEFINE SOURCE_DEBUG_ENABLE =3D FALSE - DEFINE TPM_ENABLE =3D FALSE - DEFINE TPM_CONFIG_ENABLE =3D FALSE =20 # # Network definition --=20 2.33.1 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#84895): https://edk2.groups.io/g/devel/message/84895 Mute This Topic: https://groups.io/mt/87742049/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- From nobody Mon May 6 05:56:32 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) client-ip=66.175.222.108; envelope-from=bounce+27952+84896+1787277+3901457@groups.io; helo=mail02.groups.io; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+84896+1787277+3901457@groups.io; dmarc=fail(p=none dis=none) header.from=redhat.com ARC-Seal: i=1; a=rsa-sha256; t=1639568385; cv=none; d=zohomail.com; s=zohoarc; b=UHznER/zjLSRxPxjQSuTgSm0Wy084Lybd7Ojv5zNmRmFOx2Df1ptQWcXzCRqb1rKLLmtvtIfzCa6XU9i0UczYN+NhvrZHqo9EN+r2b7N/0RBRupM7lH0FtP5iDVHnArJ9msFlGUgR/lXC9Wf0NOrjK2NSC9oAhqd961beDs1VsI= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1639568385; h=Content-Type:Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Subscribe:List-Id:List-Help:List-Unsubscribe:MIME-Version:Message-ID:Reply-To:References:Sender:Subject:To; bh=iX10DFJpH7rXb6AZbH1HNQAGxsp+DCD2Oh4CWIgY4NA=; b=i/KuYzuuSQfxJHsZAgHwRuhHyS9JFUlF2V688ZS0UrQFIV12uUFMbLa2G9f4lgfDV62gGyohEQu9PlcyZQ7qdKnAXGzKrOnbtyy+oX/gFS7CAa26YQtFBLo18yk1ks6gUi8+lIlRySsAoeJOnu0Uel6Foipa/3uzEssCKWhN7cE= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+84896+1787277+3901457@groups.io; dmarc=fail header.from= (p=none dis=none) Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by mx.zohomail.com with SMTPS id 1639568385571311.5051321344233; Wed, 15 Dec 2021 03:39:45 -0800 (PST) Return-Path: X-Received: by 127.0.0.2 with SMTP id oNpsYY1788612xfF9OYVkB8D; Wed, 15 Dec 2021 03:39:45 -0800 X-Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.129.124]) by mx.groups.io with SMTP id smtpd.web12.39470.1639568384496301697 for ; Wed, 15 Dec 2021 03:39:44 -0800 X-Received: from mimecast-mx01.redhat.com (mimecast-mx01.redhat.com [209.132.183.4]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id us-mta-321-KmMEHVSDNHSDm6b4T5MQlw-1; Wed, 15 Dec 2021 06:39:40 -0500 X-MC-Unique: KmMEHVSDNHSDm6b4T5MQlw-1 X-Received: from smtp.corp.redhat.com (int-mx06.intmail.prod.int.phx2.redhat.com [10.5.11.16]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx01.redhat.com (Postfix) with ESMTPS id A0F6D3E741; Wed, 15 Dec 2021 11:39:38 +0000 (UTC) X-Received: from sirius.home.kraxel.org (unknown [10.39.192.14]) by smtp.corp.redhat.com (Postfix) with ESMTPS id C2C23795B1; Wed, 15 Dec 2021 11:39:37 +0000 (UTC) X-Received: by sirius.home.kraxel.org (Postfix, from userid 1000) id 0F35D180061A; Wed, 15 Dec 2021 12:39:20 +0100 (CET) From: "Gerd Hoffmann" To: devel@edk2.groups.io Cc: Tom Lendacky , James Bottomley , Jiewen Yao , Jordan Justen , Min Xu , Stefan Berger , =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= , Pawel Polawski , =?UTF-8?q?Marc-Andr=C3=A9=20Lureau?= , Brijesh Singh , Gerd Hoffmann , Erdem Aktas , Ard Biesheuvel Subject: [edk2-devel] [PATCH v4 2/5] OvmfPkg: move tcg configuration to dsc and fdf include files Date: Wed, 15 Dec 2021 12:39:17 +0100 Message-Id: <20211215113920.1015403-3-kraxel@redhat.com> In-Reply-To: <20211215113920.1015403-1-kraxel@redhat.com> References: <20211215113920.1015403-1-kraxel@redhat.com> MIME-Version: 1.0 X-Scanned-By: MIMEDefang 2.79 on 10.5.11.16 X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com Precedence: Bulk List-Unsubscribe: List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,kraxel@redhat.com X-Gm-Message-State: BIRyJJlPRP8nAL9N20iPjSW6x1787277AA= Content-Transfer-Encoding: quoted-printable DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io; q=dns/txt; s=20140610; t=1639568385; bh=N/zjai84EJeMvCz4JNI45ft2SO8qeCNoYCEqLxYeAdA=; h=Cc:Content-Type:Date:From:Reply-To:Subject:To; b=CkLwDm5Vd9ResRJyFRKop3lj+wzQG5wjZq/umoF6SsG3uBrgTdB0Jg5MNwl1zXWR5e5 PSFvuIgnXaJg8jdfgGOvuycHEFnrCqirUHpX0xHKjth/dVR3lrUm8nnGcHGhl//idKLh4 5lDqg3iTMZp1Z2vGQuKYeocMl8MkPMOq7AY= X-ZohoMail-DKIM: pass (identity @groups.io) X-ZM-MESSAGEID: 1639568386971100002 Content-Type: text/plain; charset="utf-8" With this in place the tpm configuration is not duplicated for each of our four ovmf config variants (ia32, ia32x64, x64, amdsev) and it is easier to keep them all in sync when updating the tpm configuration. No functional change. Signed-off-by: Gerd Hoffmann Reviewed-by: Stefan Berger Acked-by: Jiewen Yao --- OvmfPkg/OvmfTpmComponentsDxe.dsc.inc | 28 +++++++++ OvmfPkg/OvmfTpmComponentsPei.dsc.inc | 22 +++++++ OvmfPkg/OvmfTpmDefines.dsc.inc | 6 ++ OvmfPkg/OvmfTpmLibs.dsc.inc | 14 +++++ OvmfPkg/OvmfTpmLibsDxe.dsc.inc | 8 +++ OvmfPkg/OvmfTpmLibsPeim.dsc.inc | 9 +++ OvmfPkg/OvmfTpmPcds.dsc.inc | 7 +++ OvmfPkg/OvmfTpmPcdsHii.dsc.inc | 8 +++ OvmfPkg/OvmfTpmSecurityStub.dsc.inc | 8 +++ OvmfPkg/AmdSev/AmdSevX64.dsc | 85 ++++----------------------- OvmfPkg/OvmfPkgIa32.dsc | 88 ++++------------------------ OvmfPkg/OvmfPkgIa32X64.dsc | 85 ++++----------------------- OvmfPkg/OvmfPkgX64.dsc | 85 ++++----------------------- OvmfPkg/AmdSev/AmdSevX64.fdf | 17 +----- OvmfPkg/OvmfPkgIa32.fdf | 17 +----- OvmfPkg/OvmfPkgIa32X64.fdf | 17 +----- OvmfPkg/OvmfPkgX64.fdf | 17 +----- OvmfPkg/OvmfTpmDxe.fdf.inc | 12 ++++ OvmfPkg/OvmfTpmPei.fdf.inc | 11 ++++ 19 files changed, 185 insertions(+), 359 deletions(-) create mode 100644 OvmfPkg/OvmfTpmComponentsDxe.dsc.inc create mode 100644 OvmfPkg/OvmfTpmComponentsPei.dsc.inc create mode 100644 OvmfPkg/OvmfTpmDefines.dsc.inc create mode 100644 OvmfPkg/OvmfTpmLibs.dsc.inc create mode 100644 OvmfPkg/OvmfTpmLibsDxe.dsc.inc create mode 100644 OvmfPkg/OvmfTpmLibsPeim.dsc.inc create mode 100644 OvmfPkg/OvmfTpmPcds.dsc.inc create mode 100644 OvmfPkg/OvmfTpmPcdsHii.dsc.inc create mode 100644 OvmfPkg/OvmfTpmSecurityStub.dsc.inc create mode 100644 OvmfPkg/OvmfTpmDxe.fdf.inc create mode 100644 OvmfPkg/OvmfTpmPei.fdf.inc diff --git a/OvmfPkg/OvmfTpmComponentsDxe.dsc.inc b/OvmfPkg/OvmfTpmComponen= tsDxe.dsc.inc new file mode 100644 index 000000000000..d5c2586118f1 --- /dev/null +++ b/OvmfPkg/OvmfTpmComponentsDxe.dsc.inc @@ -0,0 +1,28 @@ +## +# SPDX-License-Identifier: BSD-2-Clause-Patent +## + +!if $(TPM_ENABLE) =3D=3D TRUE + SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf { + + Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibRouter/Tpm2DeviceLibR= outerDxe.inf + NULL|SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2InstanceLibDTpm.inf + HashLib|SecurityPkg/Library/HashLibBaseCryptoRouter/HashLibBaseCrypt= oRouterDxe.inf + NULL|SecurityPkg/Library/HashInstanceLibSha1/HashInstanceLibSha1.inf + NULL|SecurityPkg/Library/HashInstanceLibSha256/HashInstanceLibSha256= .inf + NULL|SecurityPkg/Library/HashInstanceLibSha384/HashInstanceLibSha384= .inf + NULL|SecurityPkg/Library/HashInstanceLibSha512/HashInstanceLibSha512= .inf + NULL|SecurityPkg/Library/HashInstanceLibSm3/HashInstanceLibSm3.inf + } +!if $(TPM_CONFIG_ENABLE) =3D=3D TRUE + SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigDxe.inf +!endif + SecurityPkg/Tcg/TcgDxe/TcgDxe.inf { + + Tpm12DeviceLib|SecurityPkg/Library/Tpm12DeviceLibDTpm/Tpm12DeviceLib= DTpm.inf + } + SecurityPkg/Tcg/Tcg2PlatformDxe/Tcg2PlatformDxe.inf { + + TpmPlatformHierarchyLib|SecurityPkg/Library/PeiDxeTpmPlatformHierarc= hyLib/PeiDxeTpmPlatformHierarchyLib.inf + } +!endif diff --git a/OvmfPkg/OvmfTpmComponentsPei.dsc.inc b/OvmfPkg/OvmfTpmComponen= tsPei.dsc.inc new file mode 100644 index 000000000000..99fa7c13b3e7 --- /dev/null +++ b/OvmfPkg/OvmfTpmComponentsPei.dsc.inc @@ -0,0 +1,22 @@ +## +# SPDX-License-Identifier: BSD-2-Clause-Patent +## + +!if $(TPM_ENABLE) =3D=3D TRUE + OvmfPkg/Tcg/TpmMmioSevDecryptPei/TpmMmioSevDecryptPei.inf + OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf + SecurityPkg/Tcg/TcgPei/TcgPei.inf + SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf { + + HashLib|SecurityPkg/Library/HashLibBaseCryptoRouter/HashLibBaseCrypt= oRouterPei.inf + NULL|SecurityPkg/Library/HashInstanceLibSha1/HashInstanceLibSha1.inf + NULL|SecurityPkg/Library/HashInstanceLibSha256/HashInstanceLibSha256= .inf + NULL|SecurityPkg/Library/HashInstanceLibSha384/HashInstanceLibSha384= .inf + NULL|SecurityPkg/Library/HashInstanceLibSha512/HashInstanceLibSha512= .inf + NULL|SecurityPkg/Library/HashInstanceLibSm3/HashInstanceLibSm3.inf + } + SecurityPkg/Tcg/Tcg2PlatformPei/Tcg2PlatformPei.inf { + + TpmPlatformHierarchyLib|SecurityPkg/Library/PeiDxeTpmPlatformHierarc= hyLib/PeiDxeTpmPlatformHierarchyLib.inf + } +!endif diff --git a/OvmfPkg/OvmfTpmDefines.dsc.inc b/OvmfPkg/OvmfTpmDefines.dsc.inc new file mode 100644 index 000000000000..51da7508b307 --- /dev/null +++ b/OvmfPkg/OvmfTpmDefines.dsc.inc @@ -0,0 +1,6 @@ +## +# SPDX-License-Identifier: BSD-2-Clause-Patent +## + + DEFINE TPM_ENABLE =3D FALSE + DEFINE TPM_CONFIG_ENABLE =3D FALSE diff --git a/OvmfPkg/OvmfTpmLibs.dsc.inc b/OvmfPkg/OvmfTpmLibs.dsc.inc new file mode 100644 index 000000000000..50100f2c0371 --- /dev/null +++ b/OvmfPkg/OvmfTpmLibs.dsc.inc @@ -0,0 +1,14 @@ +## +# SPDX-License-Identifier: BSD-2-Clause-Patent +## + +!if $(TPM_ENABLE) =3D=3D TRUE + Tpm12CommandLib|SecurityPkg/Library/Tpm12CommandLib/Tpm12CommandLib.inf + Tpm2CommandLib|SecurityPkg/Library/Tpm2CommandLib/Tpm2CommandLib.inf + Tcg2PhysicalPresenceLib|OvmfPkg/Library/Tcg2PhysicalPresenceLibQemu/DxeT= cg2PhysicalPresenceLib.inf + Tcg2PpVendorLib|SecurityPkg/Library/Tcg2PpVendorLibNull/Tcg2PpVendorLibN= ull.inf + TpmMeasurementLib|SecurityPkg/Library/DxeTpmMeasurementLib/DxeTpmMeasure= mentLib.inf +!else + Tcg2PhysicalPresenceLib|OvmfPkg/Library/Tcg2PhysicalPresenceLibNull/DxeT= cg2PhysicalPresenceLib.inf + TpmMeasurementLib|MdeModulePkg/Library/TpmMeasurementLibNull/TpmMeasurem= entLibNull.inf +!endif diff --git a/OvmfPkg/OvmfTpmLibsDxe.dsc.inc b/OvmfPkg/OvmfTpmLibsDxe.dsc.inc new file mode 100644 index 000000000000..67d5027abaea --- /dev/null +++ b/OvmfPkg/OvmfTpmLibsDxe.dsc.inc @@ -0,0 +1,8 @@ +## +# SPDX-License-Identifier: BSD-2-Clause-Patent +## + +!if $(TPM_ENABLE) =3D=3D TRUE + Tpm12DeviceLib|SecurityPkg/Library/Tpm12DeviceLibTcg/Tpm12DeviceLibTcg.i= nf + Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibTcg2/Tpm2DeviceLibTcg2.inf +!endif diff --git a/OvmfPkg/OvmfTpmLibsPeim.dsc.inc b/OvmfPkg/OvmfTpmLibsPeim.dsc.= inc new file mode 100644 index 000000000000..4e84e3dcaaeb --- /dev/null +++ b/OvmfPkg/OvmfTpmLibsPeim.dsc.inc @@ -0,0 +1,9 @@ +## +# SPDX-License-Identifier: BSD-2-Clause-Patent +## + +!if $(TPM_ENABLE) =3D=3D TRUE + BaseCryptLib|CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf + Tpm12DeviceLib|SecurityPkg/Library/Tpm12DeviceLibDTpm/Tpm12DeviceLibDTpm= .inf + Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2DeviceLibDTpm.inf +!endif diff --git a/OvmfPkg/OvmfTpmPcds.dsc.inc b/OvmfPkg/OvmfTpmPcds.dsc.inc new file mode 100644 index 000000000000..0e7f83c04bd7 --- /dev/null +++ b/OvmfPkg/OvmfTpmPcds.dsc.inc @@ -0,0 +1,7 @@ +## +# SPDX-License-Identifier: BSD-2-Clause-Patent +## + +!if $(TPM_ENABLE) =3D=3D TRUE + gEfiSecurityPkgTokenSpaceGuid.PcdTpmInstanceGuid|{0x00, 0x00, 0x00, 0x00= , 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00} +!endif diff --git a/OvmfPkg/OvmfTpmPcdsHii.dsc.inc b/OvmfPkg/OvmfTpmPcdsHii.dsc.inc new file mode 100644 index 000000000000..164bc9c7fca0 --- /dev/null +++ b/OvmfPkg/OvmfTpmPcdsHii.dsc.inc @@ -0,0 +1,8 @@ +## +# SPDX-License-Identifier: BSD-2-Clause-Patent +## + +!if $(TPM_ENABLE) =3D=3D TRUE && $(TPM_CONFIG_ENABLE) =3D=3D TRUE + gEfiSecurityPkgTokenSpaceGuid.PcdTcgPhysicalPresenceInterfaceVer|L"TCG2_= VERSION"|gTcg2ConfigFormSetGuid|0x0|"1.3"|NV,BS + gEfiSecurityPkgTokenSpaceGuid.PcdTpm2AcpiTableRev|L"TCG2_VERSION"|gTcg2C= onfigFormSetGuid|0x8|3|NV,BS +!endif diff --git a/OvmfPkg/OvmfTpmSecurityStub.dsc.inc b/OvmfPkg/OvmfTpmSecurityS= tub.dsc.inc new file mode 100644 index 000000000000..4bd4066843ef --- /dev/null +++ b/OvmfPkg/OvmfTpmSecurityStub.dsc.inc @@ -0,0 +1,8 @@ +## +# SPDX-License-Identifier: BSD-2-Clause-Patent +## + +!if $(TPM_ENABLE) =3D=3D TRUE + NULL|SecurityPkg/Library/DxeTpmMeasureBootLib/DxeTpmMeasureBootLib.i= nf + NULL|SecurityPkg/Library/DxeTpm2MeasureBootLib/DxeTpm2MeasureBootLib= .inf +!endif diff --git a/OvmfPkg/AmdSev/AmdSevX64.dsc b/OvmfPkg/AmdSev/AmdSevX64.dsc index 59bd17f31b28..04ae61cf69d8 100644 --- a/OvmfPkg/AmdSev/AmdSevX64.dsc +++ b/OvmfPkg/AmdSev/AmdSevX64.dsc @@ -32,8 +32,8 @@ [Defines] # -D FLAG=3DVALUE # DEFINE SOURCE_DEBUG_ENABLE =3D FALSE - DEFINE TPM_ENABLE =3D FALSE - DEFINE TPM_CONFIG_ENABLE =3D FALSE + +!include OvmfPkg/OvmfTpmDefines.dsc.inc =20 # # Shell can be useful for debugging but should not be enabled for produc= tion @@ -203,16 +203,7 @@ [LibraryClasses] SmbusLib|MdePkg/Library/BaseSmbusLibNull/BaseSmbusLibNull.inf OrderedCollectionLib|MdePkg/Library/BaseOrderedCollectionRedBlackTreeLib= /BaseOrderedCollectionRedBlackTreeLib.inf =20 -!if $(TPM_ENABLE) =3D=3D TRUE - Tpm12CommandLib|SecurityPkg/Library/Tpm12CommandLib/Tpm12CommandLib.inf - Tpm2CommandLib|SecurityPkg/Library/Tpm2CommandLib/Tpm2CommandLib.inf - Tcg2PhysicalPresenceLib|OvmfPkg/Library/Tcg2PhysicalPresenceLibQemu/DxeT= cg2PhysicalPresenceLib.inf - Tcg2PpVendorLib|SecurityPkg/Library/Tcg2PpVendorLibNull/Tcg2PpVendorLibN= ull.inf - TpmMeasurementLib|SecurityPkg/Library/DxeTpmMeasurementLib/DxeTpmMeasure= mentLib.inf -!else - Tcg2PhysicalPresenceLib|OvmfPkg/Library/Tcg2PhysicalPresenceLibNull/DxeT= cg2PhysicalPresenceLib.inf - TpmMeasurementLib|MdeModulePkg/Library/TpmMeasurementLibNull/TpmMeasurem= entLibNull.inf -!endif +!include OvmfPkg/OvmfTpmLibs.dsc.inc =20 [LibraryClasses.common] BaseCryptLib|CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf @@ -286,11 +277,7 @@ [LibraryClasses.common.PEIM] PcdLib|MdePkg/Library/PeiPcdLib/PeiPcdLib.inf QemuFwCfgLib|OvmfPkg/Library/QemuFwCfgLib/QemuFwCfgPeiLib.inf =20 -!if $(TPM_ENABLE) =3D=3D TRUE - BaseCryptLib|CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf - Tpm12DeviceLib|SecurityPkg/Library/Tpm12DeviceLibDTpm/Tpm12DeviceLibDTpm= .inf - Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2DeviceLibDTpm.inf -!endif +!include OvmfPkg/OvmfTpmLibsPeim.dsc.inc =20 MemEncryptSevLib|OvmfPkg/Library/BaseMemEncryptSevLib/PeiMemEncryptSevLi= b.inf =20 @@ -371,10 +358,8 @@ [LibraryClasses.common.DXE_DRIVER] MpInitLib|UefiCpuPkg/Library/MpInitLib/DxeMpInitLib.inf QemuFwCfgS3Lib|OvmfPkg/Library/QemuFwCfgS3Lib/DxeQemuFwCfgS3LibFwCfg.inf QemuLoadImageLib|OvmfPkg/Library/GenericQemuLoadImageLib/GenericQemuLoad= ImageLib.inf -!if $(TPM_ENABLE) =3D=3D TRUE - Tpm12DeviceLib|SecurityPkg/Library/Tpm12DeviceLibTcg/Tpm12DeviceLibTcg.i= nf - Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibTcg2/Tpm2DeviceLibTcg2.inf -!endif + +!include OvmfPkg/OvmfTpmLibsDxe.dsc.inc =20 [LibraryClasses.common.UEFI_APPLICATION] PcdLib|MdePkg/Library/DxePcdLib/DxePcdLib.inf @@ -580,15 +565,10 @@ [PcdsDynamicDefault] # Set ConfidentialComputing defaults gEfiMdePkgTokenSpaceGuid.PcdConfidentialComputingGuestAttr|0 =20 -!if $(TPM_ENABLE) =3D=3D TRUE - gEfiSecurityPkgTokenSpaceGuid.PcdTpmInstanceGuid|{0x00, 0x00, 0x00, 0x00= , 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00} -!endif +!include OvmfPkg/OvmfTpmPcds.dsc.inc =20 [PcdsDynamicHii] -!if $(TPM_ENABLE) =3D=3D TRUE && $(TPM_CONFIG_ENABLE) =3D=3D TRUE - gEfiSecurityPkgTokenSpaceGuid.PcdTcgPhysicalPresenceInterfaceVer|L"TCG2_= VERSION"|gTcg2ConfigFormSetGuid|0x0|"1.3"|NV,BS - gEfiSecurityPkgTokenSpaceGuid.PcdTpm2AcpiTableRev|L"TCG2_VERSION"|gTcg2C= onfigFormSetGuid|0x8|3|NV,BS -!endif +!include OvmfPkg/OvmfTpmPcdsHii.dsc.inc =20 ##########################################################################= ###### # @@ -629,24 +609,7 @@ [Components] UefiCpuPkg/CpuMpPei/CpuMpPei.inf OvmfPkg/AmdSev/SecretPei/SecretPei.inf =20 -!if $(TPM_ENABLE) =3D=3D TRUE - OvmfPkg/Tcg/TpmMmioSevDecryptPei/TpmMmioSevDecryptPei.inf - OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf - SecurityPkg/Tcg/TcgPei/TcgPei.inf - SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf { - - HashLib|SecurityPkg/Library/HashLibBaseCryptoRouter/HashLibBaseCrypt= oRouterPei.inf - NULL|SecurityPkg/Library/HashInstanceLibSha1/HashInstanceLibSha1.inf - NULL|SecurityPkg/Library/HashInstanceLibSha256/HashInstanceLibSha256= .inf - NULL|SecurityPkg/Library/HashInstanceLibSha384/HashInstanceLibSha384= .inf - NULL|SecurityPkg/Library/HashInstanceLibSha512/HashInstanceLibSha512= .inf - NULL|SecurityPkg/Library/HashInstanceLibSm3/HashInstanceLibSm3.inf - } - SecurityPkg/Tcg/Tcg2PlatformPei/Tcg2PlatformPei.inf { - - TpmPlatformHierarchyLib|SecurityPkg/Library/PeiDxeTpmPlatformHierarc= hyLib/PeiDxeTpmPlatformHierarchyLib.inf - } -!endif +!include OvmfPkg/OvmfTpmComponentsPei.dsc.inc =20 # # DXE Phase modules @@ -668,10 +631,7 @@ [Components] =20 MdeModulePkg/Universal/SecurityStubDxe/SecurityStubDxe.inf { -!if $(TPM_ENABLE) =3D=3D TRUE - NULL|SecurityPkg/Library/DxeTpmMeasureBootLib/DxeTpmMeasureBootLib.i= nf - NULL|SecurityPkg/Library/DxeTpm2MeasureBootLib/DxeTpm2MeasureBootLib= .inf -!endif +!include OvmfPkg/OvmfTpmSecurityStub.dsc.inc } =20 MdeModulePkg/Universal/EbcDxe/EbcDxe.inf @@ -843,27 +803,4 @@ [Components] # # TPM support # -!if $(TPM_ENABLE) =3D=3D TRUE - SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf { - - Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibRouter/Tpm2DeviceLibR= outerDxe.inf - NULL|SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2InstanceLibDTpm.inf - HashLib|SecurityPkg/Library/HashLibBaseCryptoRouter/HashLibBaseCrypt= oRouterDxe.inf - NULL|SecurityPkg/Library/HashInstanceLibSha1/HashInstanceLibSha1.inf - NULL|SecurityPkg/Library/HashInstanceLibSha256/HashInstanceLibSha256= .inf - NULL|SecurityPkg/Library/HashInstanceLibSha384/HashInstanceLibSha384= .inf - NULL|SecurityPkg/Library/HashInstanceLibSha512/HashInstanceLibSha512= .inf - NULL|SecurityPkg/Library/HashInstanceLibSm3/HashInstanceLibSm3.inf - } -!if $(TPM_CONFIG_ENABLE) =3D=3D TRUE - SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigDxe.inf -!endif - SecurityPkg/Tcg/TcgDxe/TcgDxe.inf { - - Tpm12DeviceLib|SecurityPkg/Library/Tpm12DeviceLibDTpm/Tpm12DeviceLib= DTpm.inf - } - SecurityPkg/Tcg/Tcg2PlatformDxe/Tcg2PlatformDxe.inf { - - TpmPlatformHierarchyLib|SecurityPkg/Library/PeiDxeTpmPlatformHierarc= hyLib/PeiDxeTpmPlatformHierarchyLib.inf - } -!endif +!include OvmfPkg/OvmfTpmComponentsDxe.dsc.inc diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc index f8873d515592..085cc7ece15d 100644 --- a/OvmfPkg/OvmfPkgIa32.dsc +++ b/OvmfPkg/OvmfPkgIa32.dsc @@ -32,10 +32,10 @@ [Defines] DEFINE SECURE_BOOT_ENABLE =3D FALSE DEFINE SMM_REQUIRE =3D FALSE DEFINE SOURCE_DEBUG_ENABLE =3D FALSE - DEFINE TPM_ENABLE =3D FALSE - DEFINE TPM_CONFIG_ENABLE =3D FALSE DEFINE LOAD_X64_ON_IA32_ENABLE =3D FALSE =20 +!include OvmfPkg/OvmfTpmDefines.dsc.inc + # # Network definition # @@ -229,16 +229,7 @@ [LibraryClasses] SmbusLib|MdePkg/Library/BaseSmbusLibNull/BaseSmbusLibNull.inf OrderedCollectionLib|MdePkg/Library/BaseOrderedCollectionRedBlackTreeLib= /BaseOrderedCollectionRedBlackTreeLib.inf =20 -!if $(TPM_ENABLE) =3D=3D TRUE - Tpm12CommandLib|SecurityPkg/Library/Tpm12CommandLib/Tpm12CommandLib.inf - Tpm2CommandLib|SecurityPkg/Library/Tpm2CommandLib/Tpm2CommandLib.inf - Tcg2PhysicalPresenceLib|OvmfPkg/Library/Tcg2PhysicalPresenceLibQemu/DxeT= cg2PhysicalPresenceLib.inf - Tcg2PpVendorLib|SecurityPkg/Library/Tcg2PpVendorLibNull/Tcg2PpVendorLibN= ull.inf - TpmMeasurementLib|SecurityPkg/Library/DxeTpmMeasurementLib/DxeTpmMeasure= mentLib.inf -!else - Tcg2PhysicalPresenceLib|OvmfPkg/Library/Tcg2PhysicalPresenceLibNull/DxeT= cg2PhysicalPresenceLib.inf - TpmMeasurementLib|MdeModulePkg/Library/TpmMeasurementLibNull/TpmMeasurem= entLibNull.inf -!endif +!include OvmfPkg/OvmfTpmLibs.dsc.inc =20 [LibraryClasses.common] BaseCryptLib|CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf @@ -310,11 +301,7 @@ [LibraryClasses.common.PEIM] PcdLib|MdePkg/Library/PeiPcdLib/PeiPcdLib.inf QemuFwCfgLib|OvmfPkg/Library/QemuFwCfgLib/QemuFwCfgPeiLib.inf =20 -!if $(TPM_ENABLE) =3D=3D TRUE - BaseCryptLib|CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf - Tpm12DeviceLib|SecurityPkg/Library/Tpm12DeviceLibDTpm/Tpm12DeviceLibDTpm= .inf - Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2DeviceLibDTpm.inf -!endif +!include OvmfPkg/OvmfTpmLibsPeim.dsc.inc =20 MemEncryptSevLib|OvmfPkg/Library/BaseMemEncryptSevLib/PeiMemEncryptSevLi= b.inf =20 @@ -402,10 +389,8 @@ [LibraryClasses.common.DXE_DRIVER] MpInitLib|UefiCpuPkg/Library/MpInitLib/DxeMpInitLib.inf QemuFwCfgS3Lib|OvmfPkg/Library/QemuFwCfgS3Lib/DxeQemuFwCfgS3LibFwCfg.inf QemuLoadImageLib|OvmfPkg/Library/X86QemuLoadImageLib/X86QemuLoadImageLib= .inf -!if $(TPM_ENABLE) =3D=3D TRUE - Tpm12DeviceLib|SecurityPkg/Library/Tpm12DeviceLibTcg/Tpm12DeviceLibTcg.i= nf - Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibTcg2/Tpm2DeviceLibTcg2.inf -!endif + +!include OvmfPkg/OvmfTpmLibsDxe.dsc.inc =20 [LibraryClasses.common.UEFI_APPLICATION] PcdLib|MdePkg/Library/DxePcdLib/DxePcdLib.inf @@ -645,9 +630,7 @@ [PcdsDynamicDefault] =20 gEfiSecurityPkgTokenSpaceGuid.PcdOptionRomImageVerificationPolicy|0x00 =20 -!if $(TPM_ENABLE) =3D=3D TRUE - gEfiSecurityPkgTokenSpaceGuid.PcdTpmInstanceGuid|{0x00, 0x00, 0x00, 0x00= , 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00} -!endif +!include OvmfPkg/OvmfTpmPcds.dsc.inc =20 # IPv4 and IPv6 PXE Boot support. gEfiNetworkPkgTokenSpaceGuid.PcdIPv4PXESupport|0x01 @@ -657,10 +640,7 @@ [PcdsDynamicDefault] gEfiMdePkgTokenSpaceGuid.PcdConfidentialComputingGuestAttr|0 =20 [PcdsDynamicHii] -!if $(TPM_ENABLE) =3D=3D TRUE && $(TPM_CONFIG_ENABLE) =3D=3D TRUE - gEfiSecurityPkgTokenSpaceGuid.PcdTcgPhysicalPresenceInterfaceVer|L"TCG2_= VERSION"|gTcg2ConfigFormSetGuid|0x0|"1.3"|NV,BS - gEfiSecurityPkgTokenSpaceGuid.PcdTpm2AcpiTableRev|L"TCG2_VERSION"|gTcg2C= onfigFormSetGuid|0x8|3|NV,BS -!endif +!include OvmfPkg/OvmfTpmPcdsHii.dsc.inc =20 ##########################################################################= ###### # @@ -710,24 +690,7 @@ [Components] !endif UefiCpuPkg/CpuMpPei/CpuMpPei.inf =20 -!if $(TPM_ENABLE) =3D=3D TRUE - OvmfPkg/Tcg/TpmMmioSevDecryptPei/TpmMmioSevDecryptPei.inf - OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf - SecurityPkg/Tcg/TcgPei/TcgPei.inf - SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf { - - HashLib|SecurityPkg/Library/HashLibBaseCryptoRouter/HashLibBaseCrypt= oRouterPei.inf - NULL|SecurityPkg/Library/HashInstanceLibSha1/HashInstanceLibSha1.inf - NULL|SecurityPkg/Library/HashInstanceLibSha256/HashInstanceLibSha256= .inf - NULL|SecurityPkg/Library/HashInstanceLibSha384/HashInstanceLibSha384= .inf - NULL|SecurityPkg/Library/HashInstanceLibSha512/HashInstanceLibSha512= .inf - NULL|SecurityPkg/Library/HashInstanceLibSm3/HashInstanceLibSm3.inf - } - SecurityPkg/Tcg/Tcg2PlatformPei/Tcg2PlatformPei.inf { - - TpmPlatformHierarchyLib|SecurityPkg/Library/PeiDxeTpmPlatformHierarc= hyLib/PeiDxeTpmPlatformHierarchyLib.inf - } -!endif +!include OvmfPkg/OvmfTpmComponentsPei.dsc.inc =20 # # DXE Phase modules @@ -752,10 +715,7 @@ [Components] !if $(SECURE_BOOT_ENABLE) =3D=3D TRUE NULL|SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificatio= nLib.inf !endif -!if $(TPM_ENABLE) =3D=3D TRUE - NULL|SecurityPkg/Library/DxeTpmMeasureBootLib/DxeTpmMeasureBootLib.i= nf - NULL|SecurityPkg/Library/DxeTpm2MeasureBootLib/DxeTpm2MeasureBootLib= .inf -!endif +!include OvmfPkg/OvmfTpmSecurityStub.dsc.inc } =20 MdeModulePkg/Universal/EbcDxe/EbcDxe.inf @@ -1024,31 +984,5 @@ [Components] # # TPM support # -!if $(TPM_ENABLE) =3D=3D TRUE - SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf { - - Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibRouter/Tpm2DeviceLibR= outerDxe.inf - NULL|SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2InstanceLibDTpm.inf - HashLib|SecurityPkg/Library/HashLibBaseCryptoRouter/HashLibBaseCrypt= oRouterDxe.inf - NULL|SecurityPkg/Library/HashInstanceLibSha1/HashInstanceLibSha1.inf - NULL|SecurityPkg/Library/HashInstanceLibSha256/HashInstanceLibSha256= .inf - NULL|SecurityPkg/Library/HashInstanceLibSha384/HashInstanceLibSha384= .inf - NULL|SecurityPkg/Library/HashInstanceLibSha512/HashInstanceLibSha512= .inf - NULL|SecurityPkg/Library/HashInstanceLibSm3/HashInstanceLibSm3.inf - } -!if $(TPM_CONFIG_ENABLE) =3D=3D TRUE - SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigDxe.inf -!endif - SecurityPkg/Tcg/TcgDxe/TcgDxe.inf { - - Tpm12DeviceLib|SecurityPkg/Library/Tpm12DeviceLibDTpm/Tpm12DeviceLib= DTpm.inf - } - SecurityPkg/Tcg/Tcg2PlatformDxe/Tcg2PlatformDxe.inf { - - TpmPlatformHierarchyLib|SecurityPkg/Library/PeiDxeTpmPlatformHierarc= hyLib/PeiDxeTpmPlatformHierarchyLib.inf - } -!endif +!include OvmfPkg/OvmfTpmComponentsDxe.dsc.inc =20 -!if $(LOAD_X64_ON_IA32_ENABLE) =3D=3D TRUE - OvmfPkg/CompatImageLoaderDxe/CompatImageLoaderDxe.inf -!endif diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc index 9b72575da100..0ce122ddb50c 100644 --- a/OvmfPkg/OvmfPkgIa32X64.dsc +++ b/OvmfPkg/OvmfPkgIa32X64.dsc @@ -32,8 +32,8 @@ [Defines] DEFINE SECURE_BOOT_ENABLE =3D FALSE DEFINE SMM_REQUIRE =3D FALSE DEFINE SOURCE_DEBUG_ENABLE =3D FALSE - DEFINE TPM_ENABLE =3D FALSE - DEFINE TPM_CONFIG_ENABLE =3D FALSE + +!include OvmfPkg/OvmfTpmDefines.dsc.inc =20 # # Network definition @@ -233,16 +233,7 @@ [LibraryClasses] SmbusLib|MdePkg/Library/BaseSmbusLibNull/BaseSmbusLibNull.inf OrderedCollectionLib|MdePkg/Library/BaseOrderedCollectionRedBlackTreeLib= /BaseOrderedCollectionRedBlackTreeLib.inf =20 -!if $(TPM_ENABLE) =3D=3D TRUE - Tpm12CommandLib|SecurityPkg/Library/Tpm12CommandLib/Tpm12CommandLib.inf - Tpm2CommandLib|SecurityPkg/Library/Tpm2CommandLib/Tpm2CommandLib.inf - Tcg2PhysicalPresenceLib|OvmfPkg/Library/Tcg2PhysicalPresenceLibQemu/DxeT= cg2PhysicalPresenceLib.inf - Tcg2PpVendorLib|SecurityPkg/Library/Tcg2PpVendorLibNull/Tcg2PpVendorLibN= ull.inf - TpmMeasurementLib|SecurityPkg/Library/DxeTpmMeasurementLib/DxeTpmMeasure= mentLib.inf -!else - Tcg2PhysicalPresenceLib|OvmfPkg/Library/Tcg2PhysicalPresenceLibNull/DxeT= cg2PhysicalPresenceLib.inf - TpmMeasurementLib|MdeModulePkg/Library/TpmMeasurementLibNull/TpmMeasurem= entLibNull.inf -!endif +!include OvmfPkg/OvmfTpmLibs.dsc.inc =20 [LibraryClasses.common] BaseCryptLib|CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf @@ -314,11 +305,7 @@ [LibraryClasses.common.PEIM] PcdLib|MdePkg/Library/PeiPcdLib/PeiPcdLib.inf QemuFwCfgLib|OvmfPkg/Library/QemuFwCfgLib/QemuFwCfgPeiLib.inf =20 -!if $(TPM_ENABLE) =3D=3D TRUE - BaseCryptLib|CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf - Tpm12DeviceLib|SecurityPkg/Library/Tpm12DeviceLibDTpm/Tpm12DeviceLibDTpm= .inf - Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2DeviceLibDTpm.inf -!endif +!include OvmfPkg/OvmfTpmLibsPeim.dsc.inc =20 MemEncryptSevLib|OvmfPkg/Library/BaseMemEncryptSevLib/PeiMemEncryptSevLi= b.inf =20 @@ -406,10 +393,8 @@ [LibraryClasses.common.DXE_DRIVER] MpInitLib|UefiCpuPkg/Library/MpInitLib/DxeMpInitLib.inf QemuFwCfgS3Lib|OvmfPkg/Library/QemuFwCfgS3Lib/DxeQemuFwCfgS3LibFwCfg.inf QemuLoadImageLib|OvmfPkg/Library/X86QemuLoadImageLib/X86QemuLoadImageLib= .inf -!if $(TPM_ENABLE) =3D=3D TRUE - Tpm12DeviceLib|SecurityPkg/Library/Tpm12DeviceLibTcg/Tpm12DeviceLibTcg.i= nf - Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibTcg2/Tpm2DeviceLibTcg2.inf -!endif + +!include OvmfPkg/OvmfTpmLibsDxe.dsc.inc =20 [LibraryClasses.common.UEFI_APPLICATION] PcdLib|MdePkg/Library/DxePcdLib/DxePcdLib.inf @@ -657,9 +642,7 @@ [PcdsDynamicDefault] =20 gEfiSecurityPkgTokenSpaceGuid.PcdOptionRomImageVerificationPolicy|0x00 =20 -!if $(TPM_ENABLE) =3D=3D TRUE - gEfiSecurityPkgTokenSpaceGuid.PcdTpmInstanceGuid|{0x00, 0x00, 0x00, 0x00= , 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00} -!endif +!include OvmfPkg/OvmfTpmPcds.dsc.inc =20 # Set ConfidentialComputing defaults gEfiMdePkgTokenSpaceGuid.PcdConfidentialComputingGuestAttr|0 @@ -670,10 +653,7 @@ [PcdsDynamicDefault.X64] gEfiNetworkPkgTokenSpaceGuid.PcdIPv6PXESupport|0x01 =20 [PcdsDynamicHii] -!if $(TPM_ENABLE) =3D=3D TRUE && $(TPM_CONFIG_ENABLE) =3D=3D TRUE - gEfiSecurityPkgTokenSpaceGuid.PcdTcgPhysicalPresenceInterfaceVer|L"TCG2_= VERSION"|gTcg2ConfigFormSetGuid|0x0|"1.3"|NV,BS - gEfiSecurityPkgTokenSpaceGuid.PcdTpm2AcpiTableRev|L"TCG2_VERSION"|gTcg2C= onfigFormSetGuid|0x8|3|NV,BS -!endif +!include OvmfPkg/OvmfTpmPcdsHii.dsc.inc =20 ##########################################################################= ###### # @@ -723,24 +703,7 @@ [Components.IA32] !endif UefiCpuPkg/CpuMpPei/CpuMpPei.inf =20 -!if $(TPM_ENABLE) =3D=3D TRUE - OvmfPkg/Tcg/TpmMmioSevDecryptPei/TpmMmioSevDecryptPei.inf - OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf - SecurityPkg/Tcg/TcgPei/TcgPei.inf - SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf { - - HashLib|SecurityPkg/Library/HashLibBaseCryptoRouter/HashLibBaseCrypt= oRouterPei.inf - NULL|SecurityPkg/Library/HashInstanceLibSha1/HashInstanceLibSha1.inf - NULL|SecurityPkg/Library/HashInstanceLibSha256/HashInstanceLibSha256= .inf - NULL|SecurityPkg/Library/HashInstanceLibSha384/HashInstanceLibSha384= .inf - NULL|SecurityPkg/Library/HashInstanceLibSha512/HashInstanceLibSha512= .inf - NULL|SecurityPkg/Library/HashInstanceLibSm3/HashInstanceLibSm3.inf - } - SecurityPkg/Tcg/Tcg2PlatformPei/Tcg2PlatformPei.inf { - - TpmPlatformHierarchyLib|SecurityPkg/Library/PeiDxeTpmPlatformHierarc= hyLib/PeiDxeTpmPlatformHierarchyLib.inf - } -!endif +!include OvmfPkg/OvmfTpmComponentsPei.dsc.inc =20 [Components.X64] # @@ -766,10 +729,7 @@ [Components.X64] !if $(SECURE_BOOT_ENABLE) =3D=3D TRUE NULL|SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificatio= nLib.inf !endif -!if $(TPM_ENABLE) =3D=3D TRUE - NULL|SecurityPkg/Library/DxeTpmMeasureBootLib/DxeTpmMeasureBootLib.i= nf - NULL|SecurityPkg/Library/DxeTpm2MeasureBootLib/DxeTpm2MeasureBootLib= .inf -!endif +!include OvmfPkg/OvmfTpmSecurityStub.dsc.inc } =20 MdeModulePkg/Universal/EbcDxe/EbcDxe.inf @@ -1042,27 +1002,4 @@ [Components.X64] # # TPM support # -!if $(TPM_ENABLE) =3D=3D TRUE - SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf { - - Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibRouter/Tpm2DeviceLibR= outerDxe.inf - NULL|SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2InstanceLibDTpm.inf - HashLib|SecurityPkg/Library/HashLibBaseCryptoRouter/HashLibBaseCrypt= oRouterDxe.inf - NULL|SecurityPkg/Library/HashInstanceLibSha1/HashInstanceLibSha1.inf - NULL|SecurityPkg/Library/HashInstanceLibSha256/HashInstanceLibSha256= .inf - NULL|SecurityPkg/Library/HashInstanceLibSha384/HashInstanceLibSha384= .inf - NULL|SecurityPkg/Library/HashInstanceLibSha512/HashInstanceLibSha512= .inf - NULL|SecurityPkg/Library/HashInstanceLibSm3/HashInstanceLibSm3.inf - } -!if $(TPM_CONFIG_ENABLE) =3D=3D TRUE - SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigDxe.inf -!endif - SecurityPkg/Tcg/TcgDxe/TcgDxe.inf { - - Tpm12DeviceLib|SecurityPkg/Library/Tpm12DeviceLibDTpm/Tpm12DeviceLib= DTpm.inf - } - SecurityPkg/Tcg/Tcg2PlatformDxe/Tcg2PlatformDxe.inf { - - TpmPlatformHierarchyLib|SecurityPkg/Library/PeiDxeTpmPlatformHierarc= hyLib/PeiDxeTpmPlatformHierarchyLib.inf - } -!endif +!include OvmfPkg/OvmfTpmComponentsDxe.dsc.inc diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc index 190cb7f09974..4589adff388d 100644 --- a/OvmfPkg/OvmfPkgX64.dsc +++ b/OvmfPkg/OvmfPkgX64.dsc @@ -32,8 +32,8 @@ [Defines] DEFINE SECURE_BOOT_ENABLE =3D FALSE DEFINE SMM_REQUIRE =3D FALSE DEFINE SOURCE_DEBUG_ENABLE =3D FALSE - DEFINE TPM_ENABLE =3D FALSE - DEFINE TPM_CONFIG_ENABLE =3D FALSE + +!include OvmfPkg/OvmfTpmDefines.dsc.inc =20 # # Network definition @@ -233,16 +233,7 @@ [LibraryClasses] SmbusLib|MdePkg/Library/BaseSmbusLibNull/BaseSmbusLibNull.inf OrderedCollectionLib|MdePkg/Library/BaseOrderedCollectionRedBlackTreeLib= /BaseOrderedCollectionRedBlackTreeLib.inf =20 -!if $(TPM_ENABLE) =3D=3D TRUE - Tpm12CommandLib|SecurityPkg/Library/Tpm12CommandLib/Tpm12CommandLib.inf - Tpm2CommandLib|SecurityPkg/Library/Tpm2CommandLib/Tpm2CommandLib.inf - Tcg2PhysicalPresenceLib|OvmfPkg/Library/Tcg2PhysicalPresenceLibQemu/DxeT= cg2PhysicalPresenceLib.inf - Tcg2PpVendorLib|SecurityPkg/Library/Tcg2PpVendorLibNull/Tcg2PpVendorLibN= ull.inf - TpmMeasurementLib|SecurityPkg/Library/DxeTpmMeasurementLib/DxeTpmMeasure= mentLib.inf -!else - Tcg2PhysicalPresenceLib|OvmfPkg/Library/Tcg2PhysicalPresenceLibNull/DxeT= cg2PhysicalPresenceLib.inf - TpmMeasurementLib|MdeModulePkg/Library/TpmMeasurementLibNull/TpmMeasurem= entLibNull.inf -!endif +!include OvmfPkg/OvmfTpmLibs.dsc.inc =20 [LibraryClasses.common] BaseCryptLib|CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf @@ -315,11 +306,7 @@ [LibraryClasses.common.PEIM] PcdLib|MdePkg/Library/PeiPcdLib/PeiPcdLib.inf QemuFwCfgLib|OvmfPkg/Library/QemuFwCfgLib/QemuFwCfgPeiLib.inf =20 -!if $(TPM_ENABLE) =3D=3D TRUE - BaseCryptLib|CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf - Tpm12DeviceLib|SecurityPkg/Library/Tpm12DeviceLibDTpm/Tpm12DeviceLibDTpm= .inf - Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2DeviceLibDTpm.inf -!endif +!include OvmfPkg/OvmfTpmLibsPeim.dsc.inc =20 MemEncryptSevLib|OvmfPkg/Library/BaseMemEncryptSevLib/PeiMemEncryptSevLi= b.inf =20 @@ -407,10 +394,8 @@ [LibraryClasses.common.DXE_DRIVER] MpInitLib|UefiCpuPkg/Library/MpInitLib/DxeMpInitLib.inf QemuFwCfgS3Lib|OvmfPkg/Library/QemuFwCfgS3Lib/DxeQemuFwCfgS3LibFwCfg.inf QemuLoadImageLib|OvmfPkg/Library/X86QemuLoadImageLib/X86QemuLoadImageLib= .inf -!if $(TPM_ENABLE) =3D=3D TRUE - Tpm12DeviceLib|SecurityPkg/Library/Tpm12DeviceLibTcg/Tpm12DeviceLibTcg.i= nf - Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibTcg2/Tpm2DeviceLibTcg2.inf -!endif + +!include OvmfPkg/OvmfTpmLibsDxe.dsc.inc =20 [LibraryClasses.common.UEFI_APPLICATION] PcdLib|MdePkg/Library/DxePcdLib/DxePcdLib.inf @@ -656,9 +641,7 @@ [PcdsDynamicDefault] =20 gEfiSecurityPkgTokenSpaceGuid.PcdOptionRomImageVerificationPolicy|0x00 =20 -!if $(TPM_ENABLE) =3D=3D TRUE - gEfiSecurityPkgTokenSpaceGuid.PcdTpmInstanceGuid|{0x00, 0x00, 0x00, 0x00= , 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00} -!endif +!include OvmfPkg/OvmfTpmPcds.dsc.inc =20 # IPv4 and IPv6 PXE Boot support. gEfiNetworkPkgTokenSpaceGuid.PcdIPv4PXESupport|0x01 @@ -668,10 +651,7 @@ [PcdsDynamicDefault] gEfiMdePkgTokenSpaceGuid.PcdConfidentialComputingGuestAttr|0 =20 [PcdsDynamicHii] -!if $(TPM_ENABLE) =3D=3D TRUE && $(TPM_CONFIG_ENABLE) =3D=3D TRUE - gEfiSecurityPkgTokenSpaceGuid.PcdTcgPhysicalPresenceInterfaceVer|L"TCG2_= VERSION"|gTcg2ConfigFormSetGuid|0x0|"1.3"|NV,BS - gEfiSecurityPkgTokenSpaceGuid.PcdTpm2AcpiTableRev|L"TCG2_VERSION"|gTcg2C= onfigFormSetGuid|0x8|3|NV,BS -!endif +!include OvmfPkg/OvmfTpmPcdsHii.dsc.inc =20 ##########################################################################= ###### # @@ -721,24 +701,7 @@ [Components] !endif UefiCpuPkg/CpuMpPei/CpuMpPei.inf =20 -!if $(TPM_ENABLE) =3D=3D TRUE - OvmfPkg/Tcg/TpmMmioSevDecryptPei/TpmMmioSevDecryptPei.inf - OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf - SecurityPkg/Tcg/TcgPei/TcgPei.inf - SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf { - - HashLib|SecurityPkg/Library/HashLibBaseCryptoRouter/HashLibBaseCrypt= oRouterPei.inf - NULL|SecurityPkg/Library/HashInstanceLibSha1/HashInstanceLibSha1.inf - NULL|SecurityPkg/Library/HashInstanceLibSha256/HashInstanceLibSha256= .inf - NULL|SecurityPkg/Library/HashInstanceLibSha384/HashInstanceLibSha384= .inf - NULL|SecurityPkg/Library/HashInstanceLibSha512/HashInstanceLibSha512= .inf - NULL|SecurityPkg/Library/HashInstanceLibSm3/HashInstanceLibSm3.inf - } - SecurityPkg/Tcg/Tcg2PlatformPei/Tcg2PlatformPei.inf { - - TpmPlatformHierarchyLib|SecurityPkg/Library/PeiDxeTpmPlatformHierarc= hyLib/PeiDxeTpmPlatformHierarchyLib.inf - } -!endif +!include OvmfPkg/OvmfTpmComponentsPei.dsc.inc =20 # # DXE Phase modules @@ -762,10 +725,7 @@ [Components] !if $(SECURE_BOOT_ENABLE) =3D=3D TRUE NULL|SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificatio= nLib.inf -!endif -!if $(TPM_ENABLE) =3D=3D TRUE - NULL|SecurityPkg/Library/DxeTpmMeasureBootLib/DxeTpmMeasureBootLib.i= nf - NULL|SecurityPkg/Library/DxeTpm2MeasureBootLib/DxeTpm2MeasureBootLib= .inf +!include OvmfPkg/OvmfTpmSecurityStub.dsc.inc !endif } =20 @@ -1039,27 +999,4 @@ [Components] # # TPM support # -!if $(TPM_ENABLE) =3D=3D TRUE - SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf { - - Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibRouter/Tpm2DeviceLibR= outerDxe.inf - NULL|SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2InstanceLibDTpm.inf - HashLib|SecurityPkg/Library/HashLibBaseCryptoRouter/HashLibBaseCrypt= oRouterDxe.inf - NULL|SecurityPkg/Library/HashInstanceLibSha1/HashInstanceLibSha1.inf - NULL|SecurityPkg/Library/HashInstanceLibSha256/HashInstanceLibSha256= .inf - NULL|SecurityPkg/Library/HashInstanceLibSha384/HashInstanceLibSha384= .inf - NULL|SecurityPkg/Library/HashInstanceLibSha512/HashInstanceLibSha512= .inf - NULL|SecurityPkg/Library/HashInstanceLibSm3/HashInstanceLibSm3.inf - } -!if $(TPM_CONFIG_ENABLE) =3D=3D TRUE - SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigDxe.inf -!endif - SecurityPkg/Tcg/TcgDxe/TcgDxe.inf { - - Tpm12DeviceLib|SecurityPkg/Library/Tpm12DeviceLibDTpm/Tpm12DeviceLib= DTpm.inf - } - SecurityPkg/Tcg/Tcg2PlatformDxe/Tcg2PlatformDxe.inf { - - TpmPlatformHierarchyLib|SecurityPkg/Library/PeiDxeTpmPlatformHierarc= hyLib/PeiDxeTpmPlatformHierarchyLib.inf - } -!endif +!include OvmfPkg/OvmfTpmComponentsDxe.dsc.inc diff --git a/OvmfPkg/AmdSev/AmdSevX64.fdf b/OvmfPkg/AmdSev/AmdSevX64.fdf index b25035c164eb..14b5b5593f97 100644 --- a/OvmfPkg/AmdSev/AmdSevX64.fdf +++ b/OvmfPkg/AmdSev/AmdSevX64.fdf @@ -156,13 +156,7 @@ [FV.PEIFV] INF UefiCpuPkg/CpuMpPei/CpuMpPei.inf INF OvmfPkg/AmdSev/SecretPei/SecretPei.inf =20 -!if $(TPM_ENABLE) =3D=3D TRUE -INF OvmfPkg/Tcg/TpmMmioSevDecryptPei/TpmMmioSevDecryptPei.inf -INF OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf -INF SecurityPkg/Tcg/TcgPei/TcgPei.inf -INF SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf -INF SecurityPkg/Tcg/Tcg2PlatformPei/Tcg2PlatformPei.inf -!endif +!include OvmfPkg/OvmfTpmPei.fdf.inc =20 ##########################################################################= ###### =20 @@ -317,14 +311,7 @@ [FV.DXEFV] # # TPM support # -!if $(TPM_ENABLE) =3D=3D TRUE -INF SecurityPkg/Tcg/TcgDxe/TcgDxe.inf -INF SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf -INF SecurityPkg/Tcg/Tcg2PlatformDxe/Tcg2PlatformDxe.inf -!if $(TPM_CONFIG_ENABLE) =3D=3D TRUE -INF SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigDxe.inf -!endif -!endif +!include OvmfPkg/OvmfTpmDxe.fdf.inc =20 ##########################################################################= ###### =20 diff --git a/OvmfPkg/OvmfPkgIa32.fdf b/OvmfPkg/OvmfPkgIa32.fdf index cc73180729b6..a6b2142ccd0c 100644 --- a/OvmfPkg/OvmfPkgIa32.fdf +++ b/OvmfPkg/OvmfPkgIa32.fdf @@ -161,13 +161,7 @@ [FV.PEIFV] !endif INF UefiCpuPkg/CpuMpPei/CpuMpPei.inf =20 -!if $(TPM_ENABLE) =3D=3D TRUE -INF OvmfPkg/Tcg/TpmMmioSevDecryptPei/TpmMmioSevDecryptPei.inf -INF OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf -INF SecurityPkg/Tcg/TcgPei/TcgPei.inf -INF SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf -INF SecurityPkg/Tcg/Tcg2PlatformPei/Tcg2PlatformPei.inf -!endif +!include OvmfPkg/OvmfTpmPei.fdf.inc =20 ##########################################################################= ###### =20 @@ -360,14 +354,7 @@ [FV.DXEFV] # # TPM support # -!if $(TPM_ENABLE) =3D=3D TRUE -INF SecurityPkg/Tcg/TcgDxe/TcgDxe.inf -INF SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf -INF SecurityPkg/Tcg/Tcg2PlatformDxe/Tcg2PlatformDxe.inf -!if $(TPM_CONFIG_ENABLE) =3D=3D TRUE -INF SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigDxe.inf -!endif -!endif +!include OvmfPkg/OvmfTpmDxe.fdf.inc =20 !if $(LOAD_X64_ON_IA32_ENABLE) =3D=3D TRUE INF OvmfPkg/CompatImageLoaderDxe/CompatImageLoaderDxe.inf diff --git a/OvmfPkg/OvmfPkgIa32X64.fdf b/OvmfPkg/OvmfPkgIa32X64.fdf index ad4b1590fa8d..49266dd46768 100644 --- a/OvmfPkg/OvmfPkgIa32X64.fdf +++ b/OvmfPkg/OvmfPkgIa32X64.fdf @@ -164,13 +164,7 @@ [FV.PEIFV] !endif INF UefiCpuPkg/CpuMpPei/CpuMpPei.inf =20 -!if $(TPM_ENABLE) =3D=3D TRUE -INF OvmfPkg/Tcg/TpmMmioSevDecryptPei/TpmMmioSevDecryptPei.inf -INF OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf -INF SecurityPkg/Tcg/TcgPei/TcgPei.inf -INF SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf -INF SecurityPkg/Tcg/Tcg2PlatformPei/Tcg2PlatformPei.inf -!endif +!include OvmfPkg/OvmfTpmPei.fdf.inc =20 ##########################################################################= ###### =20 @@ -370,14 +364,7 @@ [FV.DXEFV] # # TPM support # -!if $(TPM_ENABLE) =3D=3D TRUE -INF SecurityPkg/Tcg/TcgDxe/TcgDxe.inf -INF SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf -INF SecurityPkg/Tcg/Tcg2PlatformDxe/Tcg2PlatformDxe.inf -!if $(TPM_CONFIG_ENABLE) =3D=3D TRUE -INF SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigDxe.inf -!endif -!endif +!include OvmfPkg/OvmfTpmDxe.fdf.inc =20 ##########################################################################= ###### =20 diff --git a/OvmfPkg/OvmfPkgX64.fdf b/OvmfPkg/OvmfPkgX64.fdf index 1420ae880221..ba7f26d01dc4 100644 --- a/OvmfPkg/OvmfPkgX64.fdf +++ b/OvmfPkg/OvmfPkgX64.fdf @@ -186,13 +186,7 @@ [FV.PEIFV] !endif INF UefiCpuPkg/CpuMpPei/CpuMpPei.inf =20 -!if $(TPM_ENABLE) =3D=3D TRUE -INF OvmfPkg/Tcg/TpmMmioSevDecryptPei/TpmMmioSevDecryptPei.inf -INF OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf -INF SecurityPkg/Tcg/TcgPei/TcgPei.inf -INF SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf -INF SecurityPkg/Tcg/Tcg2PlatformPei/Tcg2PlatformPei.inf -!endif +!include OvmfPkg/OvmfTpmPei.fdf.inc =20 ##########################################################################= ###### =20 @@ -392,14 +386,7 @@ [FV.DXEFV] # # TPM support # -!if $(TPM_ENABLE) =3D=3D TRUE -INF SecurityPkg/Tcg/TcgDxe/TcgDxe.inf -INF SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf -INF SecurityPkg/Tcg/Tcg2PlatformDxe/Tcg2PlatformDxe.inf -!if $(TPM_CONFIG_ENABLE) =3D=3D TRUE -INF SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigDxe.inf -!endif -!endif +!include OvmfPkg/OvmfTpmDxe.fdf.inc =20 ##########################################################################= ###### =20 diff --git a/OvmfPkg/OvmfTpmDxe.fdf.inc b/OvmfPkg/OvmfTpmDxe.fdf.inc new file mode 100644 index 000000000000..9dcdaaf01c39 --- /dev/null +++ b/OvmfPkg/OvmfTpmDxe.fdf.inc @@ -0,0 +1,12 @@ +## +# SPDX-License-Identifier: BSD-2-Clause-Patent +## + +!if $(TPM_ENABLE) =3D=3D TRUE +INF SecurityPkg/Tcg/TcgDxe/TcgDxe.inf +INF SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf +INF SecurityPkg/Tcg/Tcg2PlatformDxe/Tcg2PlatformDxe.inf +!if $(TPM_CONFIG_ENABLE) =3D=3D TRUE +INF SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigDxe.inf +!endif +!endif diff --git a/OvmfPkg/OvmfTpmPei.fdf.inc b/OvmfPkg/OvmfTpmPei.fdf.inc new file mode 100644 index 000000000000..9aefd73d219c --- /dev/null +++ b/OvmfPkg/OvmfTpmPei.fdf.inc @@ -0,0 +1,11 @@ +## +# SPDX-License-Identifier: BSD-2-Clause-Patent +## + +!if $(TPM_ENABLE) =3D=3D TRUE +INF OvmfPkg/Tcg/TpmMmioSevDecryptPei/TpmMmioSevDecryptPei.inf +INF OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf +INF SecurityPkg/Tcg/TcgPei/TcgPei.inf +INF SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf +INF SecurityPkg/Tcg/Tcg2PlatformPei/Tcg2PlatformPei.inf +!endif --=20 2.33.1 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#84896): https://edk2.groups.io/g/devel/message/84896 Mute This Topic: https://groups.io/mt/87742050/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- From nobody Mon May 6 05:56:32 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) client-ip=66.175.222.108; envelope-from=bounce+27952+84898+1787277+3901457@groups.io; helo=mail02.groups.io; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+84898+1787277+3901457@groups.io; dmarc=fail(p=none dis=none) header.from=redhat.com ARC-Seal: i=1; a=rsa-sha256; t=1639568407; cv=none; d=zohomail.com; s=zohoarc; b=LF/ARVJuvUWJwEgHeRxNBlmiJmnfsIvp0gQVUQNJOCBhuNVPlxcjpK+A2VXDFYA4TN2jjaPdqDv3e/uamHvBXKyjZrralZ0vXPd1uiLP05PUtPe7OLkntyaciPYS+cAFclvA/gOpQDGTxVSh789ok2UQpF9KowledYww2tBUyOU= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1639568407; h=Content-Type:Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Subscribe:List-Id:List-Help:List-Unsubscribe:MIME-Version:Message-ID:Reply-To:References:Sender:Subject:To; bh=gFVKzf/+KkUbYrzpkdC2Yx9i2FkZG5z+C6yklzUa/J8=; b=AFnfJBDAg5wU/zvteabSZcEyYbilkrBColacTtF69k/rnBHyBfmydYVpCXWbsYG4G3NKjMj4Ej+PNHkCVs5hieJQ7S2BlyE27d6cFat5NFYvdkGE5BIGPY3BAhUKb8CVC9LrsNR60LaepFt9bCcMCXEtr3nVW0kB3uxvULr3new= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+84898+1787277+3901457@groups.io; dmarc=fail header.from= (p=none dis=none) Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by mx.zohomail.com with SMTPS id 1639568407661570.2120348671015; Wed, 15 Dec 2021 03:40:07 -0800 (PST) Return-Path: X-Received: by 127.0.0.2 with SMTP id vJu2YY1788612xEVwmciowF5; Wed, 15 Dec 2021 03:40:07 -0800 X-Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.133.124]) by mx.groups.io with SMTP id smtpd.web08.39330.1639568406412951703 for ; Wed, 15 Dec 2021 03:40:06 -0800 X-Received: from mimecast-mx01.redhat.com (mimecast-mx01.redhat.com [209.132.183.4]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id us-mta-328-EYEKZwuyNeWJBkmpCYnBKA-1; Wed, 15 Dec 2021 06:40:02 -0500 X-MC-Unique: EYEKZwuyNeWJBkmpCYnBKA-1 X-Received: from smtp.corp.redhat.com (int-mx02.intmail.prod.int.phx2.redhat.com [10.5.11.12]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx01.redhat.com (Postfix) with ESMTPS id 2959918C89DD; Wed, 15 Dec 2021 11:40:00 +0000 (UTC) X-Received: from sirius.home.kraxel.org (unknown [10.39.192.14]) by smtp.corp.redhat.com (Postfix) with ESMTPS id AF6F796F24; Wed, 15 Dec 2021 11:39:38 +0000 (UTC) X-Received: by sirius.home.kraxel.org (Postfix, from userid 1000) id 128C21800620; Wed, 15 Dec 2021 12:39:20 +0100 (CET) From: "Gerd Hoffmann" To: devel@edk2.groups.io Cc: Tom Lendacky , James Bottomley , Jiewen Yao , Jordan Justen , Min Xu , Stefan Berger , =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= , Pawel Polawski , =?UTF-8?q?Marc-Andr=C3=A9=20Lureau?= , Brijesh Singh , Gerd Hoffmann , Erdem Aktas , Ard Biesheuvel Subject: [edk2-devel] [PATCH v4 3/5] OvmfPkg: drop TPM_CONFIG_ENABLE Date: Wed, 15 Dec 2021 12:39:18 +0100 Message-Id: <20211215113920.1015403-4-kraxel@redhat.com> In-Reply-To: <20211215113920.1015403-1-kraxel@redhat.com> References: <20211215113920.1015403-1-kraxel@redhat.com> MIME-Version: 1.0 X-Scanned-By: MIMEDefang 2.79 on 10.5.11.12 X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com Precedence: Bulk List-Unsubscribe: List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,kraxel@redhat.com X-Gm-Message-State: sXyIXymXlbsMOfDjjtVGo90Nx1787277AA= Content-Transfer-Encoding: quoted-printable DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io; q=dns/txt; s=20140610; t=1639568407; bh=kBAO/78H+r79sZUaFr/Jv8hVac3xJfihRcnWXFBtUPM=; h=Cc:Content-Type:Date:From:Reply-To:Subject:To; b=YOnXc11welkeyi9k/VnnKYHKuVgdJk2eXGJazFC7AJWWdPu6WnCTk9Hc4SP3zzCgXe2 WrwcoPArimvCcL59Sx+4SJkxBfPI/iY2+OJs3wzRw7U5u0TSCzy87fGfNIWQZW4wCvSPz 1BVQT/viB1+u69sglwkexD440d/bAANm6Dg= X-ZohoMail-DKIM: pass (identity @groups.io) X-ZM-MESSAGEID: 1639568408634100002 Content-Type: text/plain; charset="utf-8" Drop TPM_CONFIG_ENABLE config option. Including TPM support in the build without also including the TPM configuration menu is not useful. Suggested-by: Stefan Berger Signed-off-by: Gerd Hoffmann Tested-by: Stefan Berger Acked-by: Jiewen Yao --- OvmfPkg/OvmfTpmComponentsDxe.dsc.inc | 2 -- OvmfPkg/OvmfTpmDefines.dsc.inc | 1 - OvmfPkg/OvmfTpmPcdsHii.dsc.inc | 2 +- OvmfPkg/OvmfTpmDxe.fdf.inc | 2 -- OvmfPkg/PlatformCI/.azurepipelines/Ubuntu-GCC5.yml | 6 +++--- OvmfPkg/PlatformCI/.azurepipelines/Windows-VS2019.yml | 6 +++--- OvmfPkg/PlatformCI/ReadMe.md | 2 +- 7 files changed, 8 insertions(+), 13 deletions(-) diff --git a/OvmfPkg/OvmfTpmComponentsDxe.dsc.inc b/OvmfPkg/OvmfTpmComponen= tsDxe.dsc.inc index d5c2586118f1..e025d85a5878 100644 --- a/OvmfPkg/OvmfTpmComponentsDxe.dsc.inc +++ b/OvmfPkg/OvmfTpmComponentsDxe.dsc.inc @@ -14,9 +14,7 @@ NULL|SecurityPkg/Library/HashInstanceLibSha512/HashInstanceLibSha512= .inf NULL|SecurityPkg/Library/HashInstanceLibSm3/HashInstanceLibSm3.inf } -!if $(TPM_CONFIG_ENABLE) =3D=3D TRUE SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigDxe.inf -!endif SecurityPkg/Tcg/TcgDxe/TcgDxe.inf { Tpm12DeviceLib|SecurityPkg/Library/Tpm12DeviceLibDTpm/Tpm12DeviceLib= DTpm.inf diff --git a/OvmfPkg/OvmfTpmDefines.dsc.inc b/OvmfPkg/OvmfTpmDefines.dsc.inc index 51da7508b307..5df4a331fb99 100644 --- a/OvmfPkg/OvmfTpmDefines.dsc.inc +++ b/OvmfPkg/OvmfTpmDefines.dsc.inc @@ -3,4 +3,3 @@ ## =20 DEFINE TPM_ENABLE =3D FALSE - DEFINE TPM_CONFIG_ENABLE =3D FALSE diff --git a/OvmfPkg/OvmfTpmPcdsHii.dsc.inc b/OvmfPkg/OvmfTpmPcdsHii.dsc.inc index 164bc9c7fca0..2e02a5b4cb90 100644 --- a/OvmfPkg/OvmfTpmPcdsHii.dsc.inc +++ b/OvmfPkg/OvmfTpmPcdsHii.dsc.inc @@ -2,7 +2,7 @@ # SPDX-License-Identifier: BSD-2-Clause-Patent ## =20 -!if $(TPM_ENABLE) =3D=3D TRUE && $(TPM_CONFIG_ENABLE) =3D=3D TRUE +!if $(TPM_ENABLE) =3D=3D TRUE gEfiSecurityPkgTokenSpaceGuid.PcdTcgPhysicalPresenceInterfaceVer|L"TCG2_= VERSION"|gTcg2ConfigFormSetGuid|0x0|"1.3"|NV,BS gEfiSecurityPkgTokenSpaceGuid.PcdTpm2AcpiTableRev|L"TCG2_VERSION"|gTcg2C= onfigFormSetGuid|0x8|3|NV,BS !endif diff --git a/OvmfPkg/OvmfTpmDxe.fdf.inc b/OvmfPkg/OvmfTpmDxe.fdf.inc index 9dcdaaf01c39..32eef246387a 100644 --- a/OvmfPkg/OvmfTpmDxe.fdf.inc +++ b/OvmfPkg/OvmfTpmDxe.fdf.inc @@ -6,7 +6,5 @@ INF SecurityPkg/Tcg/TcgDxe/TcgDxe.inf INF SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf INF SecurityPkg/Tcg/Tcg2PlatformDxe/Tcg2PlatformDxe.inf -!if $(TPM_CONFIG_ENABLE) =3D=3D TRUE INF SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigDxe.inf !endif -!endif diff --git a/OvmfPkg/PlatformCI/.azurepipelines/Ubuntu-GCC5.yml b/OvmfPkg/P= latformCI/.azurepipelines/Ubuntu-GCC5.yml index 2de0688cfeb1..a908a5fe919a 100644 --- a/OvmfPkg/PlatformCI/.azurepipelines/Ubuntu-GCC5.yml +++ b/OvmfPkg/PlatformCI/.azurepipelines/Ubuntu-GCC5.yml @@ -95,21 +95,21 @@ jobs: OVMF_IA32X64_FULL_DEBUG: Build.File: "$(package)/PlatformCI/PlatformBuild.py" Build.Arch: "IA32,X64" - Build.Flags: "BLD_*_SECURE_BOOT_ENABLE=3D1 BLD_*_SMM_REQUIRE= =3D1 BLD_*_TPM_ENABLE=3D1 BLD_*_TPM_CONFIG_ENABLE=3D1 BLD_*_NETWORK_TLS_ENA= BLE=3D1 BLD_*_NETWORK_IP6_ENABLE=3D1 BLD_*_NETWORK_HTTP_BOOT_ENABLE=3D1" + Build.Flags: "BLD_*_SECURE_BOOT_ENABLE=3D1 BLD_*_SMM_REQUIRE= =3D1 BLD_*_TPM_ENABLE=3D1 BLD_*_NETWORK_TLS_ENABLE=3D1 BLD_*_NETWORK_IP6_EN= ABLE=3D1 BLD_*_NETWORK_HTTP_BOOT_ENABLE=3D1" Build.Target: "DEBUG" Run.Flags: $(run_flags) Run: $(should_run) OVMF_IA32X64_FULL_RELEASE: Build.File: "$(package)/PlatformCI/PlatformBuild.py" Build.Arch: "IA32,X64" - Build.Flags: "BLD_*_SECURE_BOOT_ENABLE=3D1 BLD_*_SMM_REQUIRE= =3D1 BLD_*_TPM_ENABLE=3D1 BLD_*_TPM_CONFIG_ENABLE=3D1 BLD_*_NETWORK_TLS_ENA= BLE=3D1 BLD_*_NETWORK_IP6_ENABLE=3D1 BLD_*_NETWORK_HTTP_BOOT_ENABLE=3D1" + Build.Flags: "BLD_*_SECURE_BOOT_ENABLE=3D1 BLD_*_SMM_REQUIRE= =3D1 BLD_*_TPM_ENABLE=3D1 BLD_*_NETWORK_TLS_ENABLE=3D1 BLD_*_NETWORK_IP6_EN= ABLE=3D1 BLD_*_NETWORK_HTTP_BOOT_ENABLE=3D1" Build.Target: "RELEASE" Run.Flags: $(run_flags) Run: $(should_run) OVMF_IA32X64_FULL_NOOPT: Build.File: "$(package)/PlatformCI/PlatformBuild.py" Build.Arch: "IA32,X64" - Build.Flags: "BLD_*_SECURE_BOOT_ENABLE=3D1 BLD_*_SMM_REQUIRE= =3D1 BLD_*_TPM_ENABLE=3D1 BLD_*_TPM_CONFIG_ENABLE=3D1 BLD_*_NETWORK_TLS_ENA= BLE=3D1 BLD_*_NETWORK_IP6_ENABLE=3D1 BLD_*_NETWORK_HTTP_BOOT_ENABLE=3D1" + Build.Flags: "BLD_*_SECURE_BOOT_ENABLE=3D1 BLD_*_SMM_REQUIRE= =3D1 BLD_*_TPM_ENABLE=3D1 BLD_*_NETWORK_TLS_ENABLE=3D1 BLD_*_NETWORK_IP6_EN= ABLE=3D1 BLD_*_NETWORK_HTTP_BOOT_ENABLE=3D1" Build.Target: "NOOPT" Run.Flags: $(run_flags) Run: $(should_run) diff --git a/OvmfPkg/PlatformCI/.azurepipelines/Windows-VS2019.yml b/OvmfPk= g/PlatformCI/.azurepipelines/Windows-VS2019.yml index 2e07a3d8893a..09f9851312a2 100644 --- a/OvmfPkg/PlatformCI/.azurepipelines/Windows-VS2019.yml +++ b/OvmfPkg/PlatformCI/.azurepipelines/Windows-VS2019.yml @@ -94,14 +94,14 @@ jobs: OVMF_IA32X64_FULL_DEBUG: Build.File: "$(package)/PlatformCI/PlatformBuild.py" Build.Arch: "IA32,X64" - Build.Flags: "BLD_*_SECURE_BOOT_ENABLE=3D1 BLD_*_SMM_REQUIRE= =3D1 BLD_*_TPM_ENABLE=3D1 BLD_*_TPM_CONFIG_ENABLE=3D1 BLD_*_NETWORK_TLS_ENA= BLE=3D1 BLD_*_NETWORK_IP6_ENABLE=3D1 BLD_*_NETWORK_HTTP_BOOT_ENABLE=3D1" + Build.Flags: "BLD_*_SECURE_BOOT_ENABLE=3D1 BLD_*_SMM_REQUIRE= =3D1 BLD_*_TPM_ENABLE=3D1 BLD_*_NETWORK_TLS_ENABLE=3D1 BLD_*_NETWORK_IP6_EN= ABLE=3D1 BLD_*_NETWORK_HTTP_BOOT_ENABLE=3D1" Build.Target: "DEBUG" Run.Flags: $(run_flags) Run: $(should_run) OVMF_IA32X64_FULL_RELEASE: Build.File: "$(package)/PlatformCI/PlatformBuild.py" Build.Arch: "IA32,X64" - Build.Flags: "BLD_*_SECURE_BOOT_ENABLE=3D1 BLD_*_SMM_REQUIRE= =3D1 BLD_*_TPM_ENABLE=3D1 BLD_*_TPM_CONFIG_ENABLE=3D1 BLD_*_NETWORK_TLS_ENA= BLE=3D1 BLD_*_NETWORK_IP6_ENABLE=3D1 BLD_*_NETWORK_HTTP_BOOT_ENABLE=3D1" + Build.Flags: "BLD_*_SECURE_BOOT_ENABLE=3D1 BLD_*_SMM_REQUIRE= =3D1 BLD_*_TPM_ENABLE=3D1 BLD_*_NETWORK_TLS_ENABLE=3D1 BLD_*_NETWORK_IP6_EN= ABLE=3D1 BLD_*_NETWORK_HTTP_BOOT_ENABLE=3D1" Build.Target: "RELEASE" Run.Flags: $(run_flags) Run: $(should_run) @@ -112,7 +112,7 @@ jobs: # OVMF_IA32X64_FULL_NOOPT: # Build.File: "$(package)/PlatformCI/PlatformBuild.py" # Build.Arch: "IA32,X64" - # Build.Flags: "BLD_*_SECURE_BOOT_ENABLE=3D1 BLD_*_SMM_REQUIRE= =3D1 BLD_*_TPM_ENABLE=3D1 BLD_*_TPM_CONFIG_ENABLE=3D1 BLD_*_NETWORK_TLS_ENA= BLE=3D1 BLD_*_NETWORK_IP6_ENABLE=3D1 BLD_*_NETWORK_HTTP_BOOT_ENABLE=3D1" + # Build.Flags: "BLD_*_SECURE_BOOT_ENABLE=3D1 BLD_*_SMM_REQUIRE= =3D1 BLD_*_TPM_ENABLE=3D1 BLD_*_NETWORK_TLS_ENABLE=3D1 BLD_*_NETWORK_IP6_EN= ABLE=3D1 BLD_*_NETWORK_HTTP_BOOT_ENABLE=3D1" # Build.Target: "NOOPT" # Run.Flags: $(run_flags) # Run: $(should_run) diff --git a/OvmfPkg/PlatformCI/ReadMe.md b/OvmfPkg/PlatformCI/ReadMe.md index 2ce9007dbeaa..44aa7c4a9db2 100644 --- a/OvmfPkg/PlatformCI/ReadMe.md +++ b/OvmfPkg/PlatformCI/ReadMe.md @@ -14,7 +14,7 @@ supported and are described below. | IA32 | IA32 | OvmfPkgIa32.dsc | Non= e | | X64 | X64 | OvmfPkgIa64.dsc | Non= e | | IA32 X64 | PEI-IA32 DXE-X64 | OvmfPkgIa32X64.dsc | Non= e | -| IA32 X64 Full | PEI-IA32 DXE-X64 | OvmfPkgIa32X64.dsc | SEC= URE_BOOT_ENABLE=3D1 SMM_REQUIRE=3D1 TPM_ENABLE=3D1 TPM_CONFIG_ENABLE=3D1 NE= TWORK_TLS_ENABLE=3D1 NETWORK_IP6_ENABLE=3D1 NETWORK_HTTP_BOOT_ENABLE=3D1 | +| IA32 X64 Full | PEI-IA32 DXE-X64 | OvmfPkgIa32X64.dsc | SEC= URE_BOOT_ENABLE=3D1 SMM_REQUIRE=3D1 TPM_ENABLE=3D1 NETWORK_TLS_ENABLE=3D1 N= ETWORK_IP6_ENABLE=3D1 NETWORK_HTTP_BOOT_ENABLE=3D1 | =20 ## EDK2 Developer environment =20 --=20 2.33.1 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#84898): https://edk2.groups.io/g/devel/message/84898 Mute This Topic: https://groups.io/mt/87742054/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- From nobody Mon May 6 05:56:32 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) client-ip=66.175.222.108; envelope-from=bounce+27952+84897+1787277+3901457@groups.io; helo=mail02.groups.io; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+84897+1787277+3901457@groups.io; dmarc=fail(p=none dis=none) header.from=redhat.com ARC-Seal: i=1; a=rsa-sha256; t=1639568405; cv=none; d=zohomail.com; s=zohoarc; b=Wrh+KtUOL5QsUqiTabR+yNFqp4K+Lay2lVuWilJv1OGNrOdMDB3UWEycSmERLb7tnasc95I9IlPCaDDWxWW3R5jWalvc9KTuEB3sgAYvfl7k+Hsv7IdWwu+EjGhrsgU37ffkrTWesf7Vgi06I+alg/W/3k0F5Gx01CFpd0C51kY= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1639568405; h=Content-Type:Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Subscribe:List-Id:List-Help:List-Unsubscribe:MIME-Version:Message-ID:Reply-To:References:Sender:Subject:To; bh=ju319hzi2DiA815vvEz2JKayUH80LwhItgKTc7jChpg=; b=HXIc/DXaIP3+hxrfVQ92z99WpWWJGeDR9ZYHuTEf6hH4qBJEb7ZsNbypzuytQhaOfu/OmOqcQGbh/ykEpJZe0VHX1MgUJ3NTwoTfxawd9Wz/GpmJY0PVo+HnRMizjHcpAM0ELJoGsH+D1zAwxt1TifWrCvXlyaovkE088/Qc50Y= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+84897+1787277+3901457@groups.io; dmarc=fail header.from= (p=none dis=none) Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by mx.zohomail.com with SMTPS id 1639568405743289.54434307099893; Wed, 15 Dec 2021 03:40:05 -0800 (PST) Return-Path: X-Received: by 127.0.0.2 with SMTP id OXuuYY1788612xxx3y9D5mch; Wed, 15 Dec 2021 03:40:05 -0800 X-Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.129.124]) by mx.groups.io with SMTP id smtpd.web10.39207.1639568404472837937 for ; Wed, 15 Dec 2021 03:40:04 -0800 X-Received: from mimecast-mx01.redhat.com (mimecast-mx01.redhat.com [209.132.183.4]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id us-mta-15-X0fLfDj6NCOrpQMNPwbxww-1; Wed, 15 Dec 2021 06:40:02 -0500 X-MC-Unique: X0fLfDj6NCOrpQMNPwbxww-1 X-Received: from smtp.corp.redhat.com (int-mx02.intmail.prod.int.phx2.redhat.com [10.5.11.12]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx01.redhat.com (Postfix) with ESMTPS id 3111E801B35; Wed, 15 Dec 2021 11:40:00 +0000 (UTC) X-Received: from sirius.home.kraxel.org (unknown [10.39.192.14]) by smtp.corp.redhat.com (Postfix) with ESMTPS id 77EAB96F2C; Wed, 15 Dec 2021 11:39:40 +0000 (UTC) X-Received: by sirius.home.kraxel.org (Postfix, from userid 1000) id 15A091800622; Wed, 15 Dec 2021 12:39:20 +0100 (CET) From: "Gerd Hoffmann" To: devel@edk2.groups.io Cc: Tom Lendacky , James Bottomley , Jiewen Yao , Jordan Justen , Min Xu , Stefan Berger , =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= , Pawel Polawski , =?UTF-8?q?Marc-Andr=C3=A9=20Lureau?= , Brijesh Singh , Gerd Hoffmann , Erdem Aktas , Ard Biesheuvel Subject: [edk2-devel] [PATCH v4 4/5] OvmfPkg: create Tcg12ConfigPei.inf Date: Wed, 15 Dec 2021 12:39:19 +0100 Message-Id: <20211215113920.1015403-5-kraxel@redhat.com> In-Reply-To: <20211215113920.1015403-1-kraxel@redhat.com> References: <20211215113920.1015403-1-kraxel@redhat.com> MIME-Version: 1.0 X-Scanned-By: MIMEDefang 2.79 on 10.5.11.12 X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com Precedence: Bulk List-Unsubscribe: List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,kraxel@redhat.com X-Gm-Message-State: 2whoR1H6Ntjldr1vPNYBwcRLx1787277AA= Content-Transfer-Encoding: quoted-printable DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io; q=dns/txt; s=20140610; t=1639568405; bh=9IgY9yGbcp/XbUJkfZ6nQF40zMRHCnV8M7wygPnYIzc=; h=Cc:Content-Type:Date:From:Reply-To:Subject:To; b=rB3tKGKy6AnUmBoyMvSmUWMr3HaN4Do6KD2seusnsD6rQBdBmXYo+Pex4kTu7IzLVD6 35xZi+bar5iBurJP433rhOj2HY3J2+IEy6iCIYx6EBczGQB13uJsGL8TMwAtfhJYm+DWK vfo3aZJQmtwOgLfgV6cGHVljB9GM2AbOBB8= X-ZohoMail-DKIM: pass (identity @groups.io) X-ZM-MESSAGEID: 1639568406181100001 Content-Type: text/plain; charset="utf-8" Split Tcg2ConfigPei.inf into two variants: Tcg12ConfigPei.inf with TPM 1.2 support included and Tcg2ConfigPei.inf supporting TPM 2.0 only. This allows x86 builds to choose whenever TPM 1.2 support should be included or not by picking the one or the other inf file. Switch x86 builds to Tcg12ConfigPei.inf, so they continue to have TPM 1.2 support. No functional change. Signed-off-by: Gerd Hoffmann Reviewed-by: Stefan Berger Tested-by: Stefan Berger Acked-by: Jiewen Yao --- OvmfPkg/OvmfTpmComponentsPei.dsc.inc | 2 +- .../{Tcg2ConfigPei.inf =3D> Tcg12ConfigPei.inf} | 11 ++--------- OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf | 11 +---------- OvmfPkg/OvmfTpmPei.fdf.inc | 2 +- 4 files changed, 5 insertions(+), 21 deletions(-) copy OvmfPkg/Tcg/Tcg2Config/{Tcg2ConfigPei.inf =3D> Tcg12ConfigPei.inf} (8= 2%) diff --git a/OvmfPkg/OvmfTpmComponentsPei.dsc.inc b/OvmfPkg/OvmfTpmComponen= tsPei.dsc.inc index 99fa7c13b3e7..87d491da5047 100644 --- a/OvmfPkg/OvmfTpmComponentsPei.dsc.inc +++ b/OvmfPkg/OvmfTpmComponentsPei.dsc.inc @@ -4,7 +4,7 @@ =20 !if $(TPM_ENABLE) =3D=3D TRUE OvmfPkg/Tcg/TpmMmioSevDecryptPei/TpmMmioSevDecryptPei.inf - OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf + OvmfPkg/Tcg/Tcg2Config/Tcg12ConfigPei.inf SecurityPkg/Tcg/TcgPei/TcgPei.inf SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf { diff --git a/OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf b/OvmfPkg/Tcg/Tcg2Con= fig/Tcg12ConfigPei.inf similarity index 82% copy from OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf copy to OvmfPkg/Tcg/Tcg2Config/Tcg12ConfigPei.inf index 39d1deeed16b..e8e0b88e6058 100644 --- a/OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf +++ b/OvmfPkg/Tcg/Tcg2Config/Tcg12ConfigPei.inf @@ -1,5 +1,5 @@ ## @file -# Set TPM device type +# Set TPM device type - supports TPM 1.2 and 2.0 # # In SecurityPkg, this module initializes the TPM device type based on a U= EFI # variable and/or hardware detection. In OvmfPkg, the module only performs= TPM @@ -14,7 +14,7 @@ [Defines] INF_VERSION =3D 0x00010005 BASE_NAME =3D Tcg2ConfigPei - FILE_GUID =3D BF7F2B0C-9F2F-4889-AB5C-12460022BE87 + FILE_GUID =3D 8AD3148F-945F-46B4-8ACD-71469EA73945 MODULE_TYPE =3D PEIM VERSION_STRING =3D 1.0 ENTRY_POINT =3D Tcg2ConfigPeimEntryPoint @@ -22,13 +22,8 @@ [Defines] [Sources] Tcg2ConfigPeim.c Tpm12Support.h - -[Sources.IA32, Sources.X64] Tpm12Support.c =20 -[Sources.ARM, Sources.AARCH64] - Tpm12SupportNull.c - [Packages] MdePkg/MdePkg.dec MdeModulePkg/MdeModulePkg.dec @@ -40,8 +35,6 @@ [LibraryClasses] DebugLib PeiServicesLib Tpm2DeviceLib - -[LibraryClasses.IA32, LibraryClasses.X64] BaseLib Tpm12DeviceLib =20 diff --git a/OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf b/OvmfPkg/Tcg/Tcg2Con= fig/Tcg2ConfigPei.inf index 39d1deeed16b..51078c981374 100644 --- a/OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf +++ b/OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf @@ -1,5 +1,5 @@ ## @file -# Set TPM device type +# Set TPM device type - supports TPM 2.0 only # # In SecurityPkg, this module initializes the TPM device type based on a U= EFI # variable and/or hardware detection. In OvmfPkg, the module only performs= TPM @@ -22,11 +22,6 @@ [Defines] [Sources] Tcg2ConfigPeim.c Tpm12Support.h - -[Sources.IA32, Sources.X64] - Tpm12Support.c - -[Sources.ARM, Sources.AARCH64] Tpm12SupportNull.c =20 [Packages] @@ -41,10 +36,6 @@ [LibraryClasses] PeiServicesLib Tpm2DeviceLib =20 -[LibraryClasses.IA32, LibraryClasses.X64] - BaseLib - Tpm12DeviceLib - [Guids] gEfiTpmDeviceSelectedGuid ## PRODUCES ## GUID # Used as a PPI = GUID gEfiTpmDeviceInstanceTpm20DtpmGuid ## SOMETIMES_CONSUMES diff --git a/OvmfPkg/OvmfTpmPei.fdf.inc b/OvmfPkg/OvmfTpmPei.fdf.inc index 9aefd73d219c..709a608cc3bd 100644 --- a/OvmfPkg/OvmfTpmPei.fdf.inc +++ b/OvmfPkg/OvmfTpmPei.fdf.inc @@ -4,7 +4,7 @@ =20 !if $(TPM_ENABLE) =3D=3D TRUE INF OvmfPkg/Tcg/TpmMmioSevDecryptPei/TpmMmioSevDecryptPei.inf -INF OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf +INF OvmfPkg/Tcg/Tcg2Config/Tcg12ConfigPei.inf INF SecurityPkg/Tcg/TcgPei/TcgPei.inf INF SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf INF SecurityPkg/Tcg/Tcg2PlatformPei/Tcg2PlatformPei.inf --=20 2.33.1 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#84897): https://edk2.groups.io/g/devel/message/84897 Mute This Topic: https://groups.io/mt/87742053/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- From nobody Mon May 6 05:56:32 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) client-ip=66.175.222.108; envelope-from=bounce+27952+84899+1787277+3901457@groups.io; helo=mail02.groups.io; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+84899+1787277+3901457@groups.io; dmarc=fail(p=none dis=none) header.from=redhat.com ARC-Seal: i=1; a=rsa-sha256; t=1639568411; cv=none; d=zohomail.com; s=zohoarc; b=CdG23EnyqXHzjr453m0J8k4E7kXw7pOomnGG9+e+rGUbi04S4YNDN93YRXoiktLeV6DyN3b7ZCk+zx3MaT8ebb7zRIGquNzyIInNSquRYkvgG79ysPOL6O3hMO3zT26LOZLwA9ux6T1/N2geYdfIW/ki8dCzXHqFBmOIv/835qk= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1639568411; h=Content-Type:Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Subscribe:List-Id:List-Help:List-Unsubscribe:MIME-Version:Message-ID:Reply-To:References:Sender:Subject:To; bh=JwZ6waL0VcT+kaDluYBMaB8Vgd0JvWfJAPTcOXwMBB0=; b=Rx+9o1/pFu4K1uek4iyMTRBugi0y8n0Vsyi0z/Gx1LZPR7Rsrzhf4LLUBbplE/sD0Awz+kNubQfz/rmUJuAmNvQwequz0oyUuLRwBfqSrG9LT/JHJBrPKRsbI/ZExqNsLlUhWxXkSqLvcRGdRoWK38bOg1snVFfVfr05aF4l+C8= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce+27952+84899+1787277+3901457@groups.io; dmarc=fail header.from= (p=none dis=none) Received: from mail02.groups.io (mail02.groups.io [66.175.222.108]) by mx.zohomail.com with SMTPS id 163956841175749.63045443625833; Wed, 15 Dec 2021 03:40:11 -0800 (PST) Return-Path: X-Received: by 127.0.0.2 with SMTP id ArPiYY1788612xKQuBbXv4vL; Wed, 15 Dec 2021 03:40:11 -0800 X-Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.129.124]) by mx.groups.io with SMTP id smtpd.web11.39122.1639568410618842904 for ; Wed, 15 Dec 2021 03:40:10 -0800 X-Received: from mimecast-mx01.redhat.com (mimecast-mx01.redhat.com [209.132.183.4]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id us-mta-163-QvI6aLmtNAmJcp0rtLuYSQ-1; Wed, 15 Dec 2021 06:40:04 -0500 X-MC-Unique: QvI6aLmtNAmJcp0rtLuYSQ-1 X-Received: from smtp.corp.redhat.com (int-mx06.intmail.prod.int.phx2.redhat.com [10.5.11.16]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx01.redhat.com (Postfix) with ESMTPS id B1BA9102C854; Wed, 15 Dec 2021 11:40:02 +0000 (UTC) X-Received: from sirius.home.kraxel.org (unknown [10.39.192.14]) by smtp.corp.redhat.com (Postfix) with ESMTPS id C700C92313; Wed, 15 Dec 2021 11:40:01 +0000 (UTC) X-Received: by sirius.home.kraxel.org (Postfix, from userid 1000) id 18D7E1800623; Wed, 15 Dec 2021 12:39:20 +0100 (CET) From: "Gerd Hoffmann" To: devel@edk2.groups.io Cc: Tom Lendacky , James Bottomley , Jiewen Yao , Jordan Justen , Min Xu , Stefan Berger , =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= , Pawel Polawski , =?UTF-8?q?Marc-Andr=C3=A9=20Lureau?= , Brijesh Singh , Gerd Hoffmann , Erdem Aktas , Ard Biesheuvel Subject: [edk2-devel] [PATCH v4 5/5] OvmfPkg: rework TPM configuration Date: Wed, 15 Dec 2021 12:39:20 +0100 Message-Id: <20211215113920.1015403-6-kraxel@redhat.com> In-Reply-To: <20211215113920.1015403-1-kraxel@redhat.com> References: <20211215113920.1015403-1-kraxel@redhat.com> MIME-Version: 1.0 X-Scanned-By: MIMEDefang 2.79 on 10.5.11.16 X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com Precedence: Bulk List-Unsubscribe: List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Reply-To: devel@edk2.groups.io,kraxel@redhat.com X-Gm-Message-State: zDE8keZ6sd3UmR5L1RkQfAHUx1787277AA= Content-Transfer-Encoding: quoted-printable DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=groups.io; q=dns/txt; s=20140610; t=1639568411; bh=Z/gvq6c4nKiQ7PDG+Yynn5AcMLI5uho+CCQ0r//AEfM=; h=Cc:Content-Type:Date:From:Reply-To:Subject:To; b=TJd/w2TfwfVmbGOGk4KWrcwBb/lQpIVDEdBC+ui9X0hLgSxnkXGKqpF5kY2igkpcPFW q/vm4JVRnzK4Prxft59obuFxLF+Zbaqx+h7ZrWyVXJKTI3L0IoNnuNY7dxCJ9QlxL1P+C uGmHX1rxJmzgMgiShb/9aVzW2wjT7CQKflM= X-ZohoMail-DKIM: pass (identity @groups.io) X-ZM-MESSAGEID: 1639568413726100002 Content-Type: text/plain; charset="utf-8" Rename TPM_ENABLE to TPM2_ENABLE so naming is in line with the ArmVirtPkg config option name. Add separate TPM1_ENABLE option for TPM 1.2 support. Signed-off-by: Gerd Hoffmann Tested-by: Stefan Berger Acked-by: Jiewen Yao --- OvmfPkg/OvmfTpmComponentsDxe.dsc.inc | 4 +++- OvmfPkg/OvmfTpmComponentsPei.dsc.inc | 6 +++++- OvmfPkg/OvmfTpmDefines.dsc.inc | 5 ++++- OvmfPkg/OvmfTpmLibs.dsc.inc | 4 +++- OvmfPkg/OvmfTpmLibsDxe.dsc.inc | 4 +++- OvmfPkg/OvmfTpmLibsPeim.dsc.inc | 4 +++- OvmfPkg/OvmfTpmPcds.dsc.inc | 2 +- OvmfPkg/OvmfTpmPcdsHii.dsc.inc | 2 +- OvmfPkg/OvmfTpmSecurityStub.dsc.inc | 4 +++- OvmfPkg/OvmfTpmDxe.fdf.inc | 4 +++- OvmfPkg/OvmfTpmPei.fdf.inc | 6 +++++- OvmfPkg/PlatformCI/.azurepipelines/Ubuntu-GCC5.yml | 6 +++--- OvmfPkg/PlatformCI/.azurepipelines/Windows-VS2019.yml | 6 +++--- OvmfPkg/PlatformCI/ReadMe.md | 2 +- 14 files changed, 41 insertions(+), 18 deletions(-) diff --git a/OvmfPkg/OvmfTpmComponentsDxe.dsc.inc b/OvmfPkg/OvmfTpmComponen= tsDxe.dsc.inc index e025d85a5878..75ae09571e8c 100644 --- a/OvmfPkg/OvmfTpmComponentsDxe.dsc.inc +++ b/OvmfPkg/OvmfTpmComponentsDxe.dsc.inc @@ -2,7 +2,7 @@ # SPDX-License-Identifier: BSD-2-Clause-Patent ## =20 -!if $(TPM_ENABLE) =3D=3D TRUE +!if $(TPM2_ENABLE) =3D=3D TRUE SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf { Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibRouter/Tpm2DeviceLibR= outerDxe.inf @@ -15,10 +15,12 @@ NULL|SecurityPkg/Library/HashInstanceLibSm3/HashInstanceLibSm3.inf } SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigDxe.inf +!if $(TPM1_ENABLE) =3D=3D TRUE SecurityPkg/Tcg/TcgDxe/TcgDxe.inf { Tpm12DeviceLib|SecurityPkg/Library/Tpm12DeviceLibDTpm/Tpm12DeviceLib= DTpm.inf } +!endif SecurityPkg/Tcg/Tcg2PlatformDxe/Tcg2PlatformDxe.inf { TpmPlatformHierarchyLib|SecurityPkg/Library/PeiDxeTpmPlatformHierarc= hyLib/PeiDxeTpmPlatformHierarchyLib.inf diff --git a/OvmfPkg/OvmfTpmComponentsPei.dsc.inc b/OvmfPkg/OvmfTpmComponen= tsPei.dsc.inc index 87d491da5047..fa486eed82d2 100644 --- a/OvmfPkg/OvmfTpmComponentsPei.dsc.inc +++ b/OvmfPkg/OvmfTpmComponentsPei.dsc.inc @@ -2,10 +2,14 @@ # SPDX-License-Identifier: BSD-2-Clause-Patent ## =20 -!if $(TPM_ENABLE) =3D=3D TRUE +!if $(TPM2_ENABLE) =3D=3D TRUE OvmfPkg/Tcg/TpmMmioSevDecryptPei/TpmMmioSevDecryptPei.inf +!if $(TPM1_ENABLE) =3D=3D TRUE OvmfPkg/Tcg/Tcg2Config/Tcg12ConfigPei.inf SecurityPkg/Tcg/TcgPei/TcgPei.inf +!else + OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf +!endif SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf { HashLib|SecurityPkg/Library/HashLibBaseCryptoRouter/HashLibBaseCrypt= oRouterPei.inf diff --git a/OvmfPkg/OvmfTpmDefines.dsc.inc b/OvmfPkg/OvmfTpmDefines.dsc.inc index 5df4a331fb99..a65564d8d9d2 100644 --- a/OvmfPkg/OvmfTpmDefines.dsc.inc +++ b/OvmfPkg/OvmfTpmDefines.dsc.inc @@ -2,4 +2,7 @@ # SPDX-License-Identifier: BSD-2-Clause-Patent ## =20 - DEFINE TPM_ENABLE =3D FALSE + DEFINE TPM2_ENABLE =3D FALSE + + # has no effect unless TPM2_ENABLE =3D=3D TRUE + DEFINE TPM1_ENABLE =3D TRUE diff --git a/OvmfPkg/OvmfTpmLibs.dsc.inc b/OvmfPkg/OvmfTpmLibs.dsc.inc index 50100f2c0371..418747b13487 100644 --- a/OvmfPkg/OvmfTpmLibs.dsc.inc +++ b/OvmfPkg/OvmfTpmLibs.dsc.inc @@ -2,8 +2,10 @@ # SPDX-License-Identifier: BSD-2-Clause-Patent ## =20 -!if $(TPM_ENABLE) =3D=3D TRUE +!if $(TPM2_ENABLE) =3D=3D TRUE +!if $(TPM1_ENABLE) =3D=3D TRUE Tpm12CommandLib|SecurityPkg/Library/Tpm12CommandLib/Tpm12CommandLib.inf +!endif Tpm2CommandLib|SecurityPkg/Library/Tpm2CommandLib/Tpm2CommandLib.inf Tcg2PhysicalPresenceLib|OvmfPkg/Library/Tcg2PhysicalPresenceLibQemu/DxeT= cg2PhysicalPresenceLib.inf Tcg2PpVendorLib|SecurityPkg/Library/Tcg2PpVendorLibNull/Tcg2PpVendorLibN= ull.inf diff --git a/OvmfPkg/OvmfTpmLibsDxe.dsc.inc b/OvmfPkg/OvmfTpmLibsDxe.dsc.inc index 67d5027abaea..1d66cdac778c 100644 --- a/OvmfPkg/OvmfTpmLibsDxe.dsc.inc +++ b/OvmfPkg/OvmfTpmLibsDxe.dsc.inc @@ -2,7 +2,9 @@ # SPDX-License-Identifier: BSD-2-Clause-Patent ## =20 -!if $(TPM_ENABLE) =3D=3D TRUE +!if $(TPM2_ENABLE) =3D=3D TRUE +!if $(TPM1_ENABLE) =3D=3D TRUE Tpm12DeviceLib|SecurityPkg/Library/Tpm12DeviceLibTcg/Tpm12DeviceLibTcg.i= nf +!endif Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibTcg2/Tpm2DeviceLibTcg2.inf !endif diff --git a/OvmfPkg/OvmfTpmLibsPeim.dsc.inc b/OvmfPkg/OvmfTpmLibsPeim.dsc.= inc index 4e84e3dcaaeb..03caccd7c688 100644 --- a/OvmfPkg/OvmfTpmLibsPeim.dsc.inc +++ b/OvmfPkg/OvmfTpmLibsPeim.dsc.inc @@ -2,8 +2,10 @@ # SPDX-License-Identifier: BSD-2-Clause-Patent ## =20 -!if $(TPM_ENABLE) =3D=3D TRUE +!if $(TPM2_ENABLE) =3D=3D TRUE BaseCryptLib|CryptoPkg/Library/BaseCryptLib/PeiCryptLib.inf +!if $(TPM1_ENABLE) =3D=3D TRUE Tpm12DeviceLib|SecurityPkg/Library/Tpm12DeviceLibDTpm/Tpm12DeviceLibDTpm= .inf +!endif Tpm2DeviceLib|SecurityPkg/Library/Tpm2DeviceLibDTpm/Tpm2DeviceLibDTpm.inf !endif diff --git a/OvmfPkg/OvmfTpmPcds.dsc.inc b/OvmfPkg/OvmfTpmPcds.dsc.inc index 0e7f83c04bd7..0d55d6273702 100644 --- a/OvmfPkg/OvmfTpmPcds.dsc.inc +++ b/OvmfPkg/OvmfTpmPcds.dsc.inc @@ -2,6 +2,6 @@ # SPDX-License-Identifier: BSD-2-Clause-Patent ## =20 -!if $(TPM_ENABLE) =3D=3D TRUE +!if $(TPM2_ENABLE) =3D=3D TRUE gEfiSecurityPkgTokenSpaceGuid.PcdTpmInstanceGuid|{0x00, 0x00, 0x00, 0x00= , 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00} !endif diff --git a/OvmfPkg/OvmfTpmPcdsHii.dsc.inc b/OvmfPkg/OvmfTpmPcdsHii.dsc.inc index 2e02a5b4cb90..e84225323519 100644 --- a/OvmfPkg/OvmfTpmPcdsHii.dsc.inc +++ b/OvmfPkg/OvmfTpmPcdsHii.dsc.inc @@ -2,7 +2,7 @@ # SPDX-License-Identifier: BSD-2-Clause-Patent ## =20 -!if $(TPM_ENABLE) =3D=3D TRUE +!if $(TPM2_ENABLE) =3D=3D TRUE gEfiSecurityPkgTokenSpaceGuid.PcdTcgPhysicalPresenceInterfaceVer|L"TCG2_= VERSION"|gTcg2ConfigFormSetGuid|0x0|"1.3"|NV,BS gEfiSecurityPkgTokenSpaceGuid.PcdTpm2AcpiTableRev|L"TCG2_VERSION"|gTcg2C= onfigFormSetGuid|0x8|3|NV,BS !endif diff --git a/OvmfPkg/OvmfTpmSecurityStub.dsc.inc b/OvmfPkg/OvmfTpmSecurityS= tub.dsc.inc index 4bd4066843ef..e9ab2fca7bc7 100644 --- a/OvmfPkg/OvmfTpmSecurityStub.dsc.inc +++ b/OvmfPkg/OvmfTpmSecurityStub.dsc.inc @@ -2,7 +2,9 @@ # SPDX-License-Identifier: BSD-2-Clause-Patent ## =20 -!if $(TPM_ENABLE) =3D=3D TRUE +!if $(TPM2_ENABLE) =3D=3D TRUE +!if $(TPM1_ENABLE) =3D=3D TRUE NULL|SecurityPkg/Library/DxeTpmMeasureBootLib/DxeTpmMeasureBootLib.i= nf +!endif NULL|SecurityPkg/Library/DxeTpm2MeasureBootLib/DxeTpm2MeasureBootLib= .inf !endif diff --git a/OvmfPkg/OvmfTpmDxe.fdf.inc b/OvmfPkg/OvmfTpmDxe.fdf.inc index 32eef246387a..7fc2bf8590a4 100644 --- a/OvmfPkg/OvmfTpmDxe.fdf.inc +++ b/OvmfPkg/OvmfTpmDxe.fdf.inc @@ -2,8 +2,10 @@ # SPDX-License-Identifier: BSD-2-Clause-Patent ## =20 -!if $(TPM_ENABLE) =3D=3D TRUE +!if $(TPM2_ENABLE) =3D=3D TRUE +!if $(TPM1_ENABLE) =3D=3D TRUE INF SecurityPkg/Tcg/TcgDxe/TcgDxe.inf +!endif INF SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf INF SecurityPkg/Tcg/Tcg2PlatformDxe/Tcg2PlatformDxe.inf INF SecurityPkg/Tcg/Tcg2Config/Tcg2ConfigDxe.inf diff --git a/OvmfPkg/OvmfTpmPei.fdf.inc b/OvmfPkg/OvmfTpmPei.fdf.inc index 709a608cc3bd..9f8b9bdd5bed 100644 --- a/OvmfPkg/OvmfTpmPei.fdf.inc +++ b/OvmfPkg/OvmfTpmPei.fdf.inc @@ -2,10 +2,14 @@ # SPDX-License-Identifier: BSD-2-Clause-Patent ## =20 -!if $(TPM_ENABLE) =3D=3D TRUE +!if $(TPM2_ENABLE) =3D=3D TRUE INF OvmfPkg/Tcg/TpmMmioSevDecryptPei/TpmMmioSevDecryptPei.inf +!if $(TPM1_ENABLE) =3D=3D TRUE INF OvmfPkg/Tcg/Tcg2Config/Tcg12ConfigPei.inf INF SecurityPkg/Tcg/TcgPei/TcgPei.inf +!else +INF OvmfPkg/Tcg/Tcg2Config/Tcg2ConfigPei.inf +!endif INF SecurityPkg/Tcg/Tcg2Pei/Tcg2Pei.inf INF SecurityPkg/Tcg/Tcg2PlatformPei/Tcg2PlatformPei.inf !endif diff --git a/OvmfPkg/PlatformCI/.azurepipelines/Ubuntu-GCC5.yml b/OvmfPkg/P= latformCI/.azurepipelines/Ubuntu-GCC5.yml index a908a5fe919a..3fed8e0d06e7 100644 --- a/OvmfPkg/PlatformCI/.azurepipelines/Ubuntu-GCC5.yml +++ b/OvmfPkg/PlatformCI/.azurepipelines/Ubuntu-GCC5.yml @@ -95,21 +95,21 @@ jobs: OVMF_IA32X64_FULL_DEBUG: Build.File: "$(package)/PlatformCI/PlatformBuild.py" Build.Arch: "IA32,X64" - Build.Flags: "BLD_*_SECURE_BOOT_ENABLE=3D1 BLD_*_SMM_REQUIRE= =3D1 BLD_*_TPM_ENABLE=3D1 BLD_*_NETWORK_TLS_ENABLE=3D1 BLD_*_NETWORK_IP6_EN= ABLE=3D1 BLD_*_NETWORK_HTTP_BOOT_ENABLE=3D1" + Build.Flags: "BLD_*_SECURE_BOOT_ENABLE=3D1 BLD_*_SMM_REQUIRE= =3D1 BLD_*_TPM2_ENABLE=3D1 BLD_*_NETWORK_TLS_ENABLE=3D1 BLD_*_NETWORK_IP6_E= NABLE=3D1 BLD_*_NETWORK_HTTP_BOOT_ENABLE=3D1" Build.Target: "DEBUG" Run.Flags: $(run_flags) Run: $(should_run) OVMF_IA32X64_FULL_RELEASE: Build.File: "$(package)/PlatformCI/PlatformBuild.py" Build.Arch: "IA32,X64" - Build.Flags: "BLD_*_SECURE_BOOT_ENABLE=3D1 BLD_*_SMM_REQUIRE= =3D1 BLD_*_TPM_ENABLE=3D1 BLD_*_NETWORK_TLS_ENABLE=3D1 BLD_*_NETWORK_IP6_EN= ABLE=3D1 BLD_*_NETWORK_HTTP_BOOT_ENABLE=3D1" + Build.Flags: "BLD_*_SECURE_BOOT_ENABLE=3D1 BLD_*_SMM_REQUIRE= =3D1 BLD_*_TPM2_ENABLE=3D1 BLD_*_NETWORK_TLS_ENABLE=3D1 BLD_*_NETWORK_IP6_E= NABLE=3D1 BLD_*_NETWORK_HTTP_BOOT_ENABLE=3D1" Build.Target: "RELEASE" Run.Flags: $(run_flags) Run: $(should_run) OVMF_IA32X64_FULL_NOOPT: Build.File: "$(package)/PlatformCI/PlatformBuild.py" Build.Arch: "IA32,X64" - Build.Flags: "BLD_*_SECURE_BOOT_ENABLE=3D1 BLD_*_SMM_REQUIRE= =3D1 BLD_*_TPM_ENABLE=3D1 BLD_*_NETWORK_TLS_ENABLE=3D1 BLD_*_NETWORK_IP6_EN= ABLE=3D1 BLD_*_NETWORK_HTTP_BOOT_ENABLE=3D1" + Build.Flags: "BLD_*_SECURE_BOOT_ENABLE=3D1 BLD_*_SMM_REQUIRE= =3D1 BLD_*_TPM2_ENABLE=3D1 BLD_*_NETWORK_TLS_ENABLE=3D1 BLD_*_NETWORK_IP6_E= NABLE=3D1 BLD_*_NETWORK_HTTP_BOOT_ENABLE=3D1" Build.Target: "NOOPT" Run.Flags: $(run_flags) Run: $(should_run) diff --git a/OvmfPkg/PlatformCI/.azurepipelines/Windows-VS2019.yml b/OvmfPk= g/PlatformCI/.azurepipelines/Windows-VS2019.yml index 09f9851312a2..68b5d951e908 100644 --- a/OvmfPkg/PlatformCI/.azurepipelines/Windows-VS2019.yml +++ b/OvmfPkg/PlatformCI/.azurepipelines/Windows-VS2019.yml @@ -94,14 +94,14 @@ jobs: OVMF_IA32X64_FULL_DEBUG: Build.File: "$(package)/PlatformCI/PlatformBuild.py" Build.Arch: "IA32,X64" - Build.Flags: "BLD_*_SECURE_BOOT_ENABLE=3D1 BLD_*_SMM_REQUIRE= =3D1 BLD_*_TPM_ENABLE=3D1 BLD_*_NETWORK_TLS_ENABLE=3D1 BLD_*_NETWORK_IP6_EN= ABLE=3D1 BLD_*_NETWORK_HTTP_BOOT_ENABLE=3D1" + Build.Flags: "BLD_*_SECURE_BOOT_ENABLE=3D1 BLD_*_SMM_REQUIRE= =3D1 BLD_*_TPM2_ENABLE=3D1 BLD_*_NETWORK_TLS_ENABLE=3D1 BLD_*_NETWORK_IP6_E= NABLE=3D1 BLD_*_NETWORK_HTTP_BOOT_ENABLE=3D1" Build.Target: "DEBUG" Run.Flags: $(run_flags) Run: $(should_run) OVMF_IA32X64_FULL_RELEASE: Build.File: "$(package)/PlatformCI/PlatformBuild.py" Build.Arch: "IA32,X64" - Build.Flags: "BLD_*_SECURE_BOOT_ENABLE=3D1 BLD_*_SMM_REQUIRE= =3D1 BLD_*_TPM_ENABLE=3D1 BLD_*_NETWORK_TLS_ENABLE=3D1 BLD_*_NETWORK_IP6_EN= ABLE=3D1 BLD_*_NETWORK_HTTP_BOOT_ENABLE=3D1" + Build.Flags: "BLD_*_SECURE_BOOT_ENABLE=3D1 BLD_*_SMM_REQUIRE= =3D1 BLD_*_TPM2_ENABLE=3D1 BLD_*_NETWORK_TLS_ENABLE=3D1 BLD_*_NETWORK_IP6_E= NABLE=3D1 BLD_*_NETWORK_HTTP_BOOT_ENABLE=3D1" Build.Target: "RELEASE" Run.Flags: $(run_flags) Run: $(should_run) @@ -112,7 +112,7 @@ jobs: # OVMF_IA32X64_FULL_NOOPT: # Build.File: "$(package)/PlatformCI/PlatformBuild.py" # Build.Arch: "IA32,X64" - # Build.Flags: "BLD_*_SECURE_BOOT_ENABLE=3D1 BLD_*_SMM_REQUIRE= =3D1 BLD_*_TPM_ENABLE=3D1 BLD_*_NETWORK_TLS_ENABLE=3D1 BLD_*_NETWORK_IP6_EN= ABLE=3D1 BLD_*_NETWORK_HTTP_BOOT_ENABLE=3D1" + # Build.Flags: "BLD_*_SECURE_BOOT_ENABLE=3D1 BLD_*_SMM_REQUIRE= =3D1 BLD_*_TPM2_ENABLE=3D1 BLD_*_NETWORK_TLS_ENABLE=3D1 BLD_*_NETWORK_IP6_= ENABLE=3D1 BLD_*_NETWORK_HTTP_BOOT_ENABLE=3D1" # Build.Target: "NOOPT" # Run.Flags: $(run_flags) # Run: $(should_run) diff --git a/OvmfPkg/PlatformCI/ReadMe.md b/OvmfPkg/PlatformCI/ReadMe.md index 44aa7c4a9db2..1216dee126f1 100644 --- a/OvmfPkg/PlatformCI/ReadMe.md +++ b/OvmfPkg/PlatformCI/ReadMe.md @@ -14,7 +14,7 @@ supported and are described below. | IA32 | IA32 | OvmfPkgIa32.dsc | Non= e | | X64 | X64 | OvmfPkgIa64.dsc | Non= e | | IA32 X64 | PEI-IA32 DXE-X64 | OvmfPkgIa32X64.dsc | Non= e | -| IA32 X64 Full | PEI-IA32 DXE-X64 | OvmfPkgIa32X64.dsc | SEC= URE_BOOT_ENABLE=3D1 SMM_REQUIRE=3D1 TPM_ENABLE=3D1 NETWORK_TLS_ENABLE=3D1 N= ETWORK_IP6_ENABLE=3D1 NETWORK_HTTP_BOOT_ENABLE=3D1 | +| IA32 X64 Full | PEI-IA32 DXE-X64 | OvmfPkgIa32X64.dsc | SEC= URE_BOOT_ENABLE=3D1 SMM_REQUIRE=3D1 TPM1_ENABLE=3D1 TPM2_ENABLE=3D1 NETWORK= _TLS_ENABLE=3D1 NETWORK_IP6_ENABLE=3D1 NETWORK_HTTP_BOOT_ENABLE=3D1 | =20 ## EDK2 Developer environment =20 --=20 2.33.1 -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#84899): https://edk2.groups.io/g/devel/message/84899 Mute This Topic: https://groups.io/mt/87742055/1787277 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [importer@patchew.org] -=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-